Write-up: Funbox UnderTheGround (FUNHXX17.zip)

FUNHXX17.zip is a target file associated with the Funbox Capture The Flag (CTF) machine (sometimes referred to as Funbox 11 or UnderTheGround), available on platforms like Vulnhub and OffSec's Proving Grounds.

The machine runs a background cron job or script that automatically processes/unzips files placed in certain directories (like /var/www/html/uploads or the FTP upload folder). Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link:

1. Create a symlink to a sensitive file (like /root/root.txt or /etc/shadow) or a directory.
2. Compress the symlink using the --symlinks flag in zip. Without that flag, zip follows the link and archives the contents of the file on your own machine rather than the link itself.
3. Upload the archive back to the server.

If you used a symlink, once the cron job has extracted it into the webroot you can read the linked file through the web server. Note that the symlink itself grants no permissions: whichever process follows it (the web server, or the cron job if it copies the extracted files) needs read access to the target. If the zip instead contained a script, navigate to the location where the script was extracted to trigger a connection back to your listener (nc -lvnp 4444).

4. Privilege Escalation

Depending on the version of the VM you are running, it may be vulnerable to recent Linux kernel exploits.
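The following Python is an added example, not code from this write-up or from the Funbox VM. It illustrates the symlink-in-zip step from the exploitation section above: it builds, with the standard library only, the same kind of archive that `zip --symlinks` produces (a Unix entry whose mode bits say S_IFLNK and whose data is the link target path), then shows the check a cron-style auto-unzipper should run before extracting, flagging symlink entries with their targets and traversal (`..` or absolute paths) in entry names. It also demonstrates a caveat the attack depends on: Python's own `zipfile` never recreates symlinks (it writes the target path into a regular file), whereas Info-ZIP `unzip` restores the link. The entry names, link targets and sample archives are constructed for illustration.

```python
import io
import os
import stat
import tempfile
import zipfile
from pathlib import PurePosixPath


def build_symlink_zip(link_name: str, target: str) -> bytes:
    """Build a zip whose only entry is a Unix symlink link_name -> target.

    This mirrors what `zip --symlinks` stores: S_IFLNK in the high 16 bits of
    the external attributes, and the link target path as the entry's data
    (not the contents of the target file).
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(link_name)
        info.create_system = 3  # 3 = Unix, so extractors interpret the mode bits
        info.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(info, target)
    return buf.getvalue()


def build_plain_zip(name: str, content: bytes) -> bytes:
    """Build a zip with one ordinary file (the name is not sanitised, so
    traversal names like '../x' can be used to test the auditor)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """True if the entry was stored as a Unix symbolic link."""
    return info.create_system == 3 and stat.S_ISLNK(info.external_attr >> 16)


def escapes_root(path: str) -> bool:
    """True for absolute paths or paths containing a '..' component."""
    p = PurePosixPath(path)
    return p.is_absolute() or ".." in p.parts


def audit_zip(data: bytes) -> list:
    """Findings an unattended unzipper should refuse before extracting:
    symlink entries (reported with their target) and traversal in names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if escapes_root(info.filename):
                findings.append(f"{info.filename}: entry name escapes extraction root")
            if is_symlink_entry(info):
                target = zf.read(info).decode("utf-8", "replace")
                where = " (outside extraction root)" if escapes_root(target) else ""
                findings.append(f"{info.filename}: symlink -> {target}{where}")
    return findings


def extract_without_symlinks(data: bytes) -> list:
    """Hardened extraction into a scratch directory: skip symlink entries and
    traversal names, extract the rest. Returns the names actually written."""
    written = []
    with tempfile.TemporaryDirectory() as dest:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if is_symlink_entry(info) or escapes_root(info.filename):
                    continue
                zf.extract(info, dest)
                written.append(info.filename)
    return written


def python_extract_behaviour(data: bytes) -> dict:
    """The caveat: zipfile.extractall writes a regular file whose content is
    the link target path instead of creating a symlink. Info-ZIP unzip does
    recreate the link, which is what the cron-job attack relies on."""
    with tempfile.TemporaryDirectory() as dest:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.extractall(dest)
            name = zf.namelist()[0]
        path = os.path.join(dest, name)
        with open(path, "rb") as fh:
            content = fh.read()
        return {"is_symlink": os.path.islink(path), "content": content}


if __name__ == "__main__":
    evil = build_symlink_zip("shadow.txt", "/etc/shadow")  # constructed sample
    print(audit_zip(evil))
    print(python_extract_behaviour(evil))
    print(extract_without_symlinks(evil))
```

To see the link actually restored, write the bytes from `build_symlink_zip` to a file and extract it with Info-ZIP `unzip -l` / `unzip`: the listing shows the entry with an `l` mode and extraction creates a real symlink to /etc/shadow, which is exactly why an auto-unzip job should run something like `audit_zip` first.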