Some versions of this challenge require you to crack the password of FUNHXX17.zip using fcrackzip or john with the rockyou.txt wordlist. The password is often found to be "p@ssword" or similar simple variations. 3. Initial Access Once unzipped by the system:
Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link . FUNHXX17.zip
Depending on the version of the VM you are running, it may be vulnerable to recent Linux kernel exploits. Some versions of this challenge require you to