After gaining a shell as a low-privileged user (often www-data or tom), check for binaries that can be run as root.
Most write-ups note that FTP allows anonymous login. Inside the FTP directory, you will find FUNHXX17.zip among other files.
Some versions of this challenge require you to crack the password of FUNHXX17.zip using fcrackzip or john with the rockyou.txt wordlist. The password is often found to be "p@ssword" or similar simple variations.

3. Initial Access

Once unzipped by the system:
Scanning the web server (port 80) usually reveals a directory like /backups/ where this same zip file might be hosted or referenced.

2. Exploiting FUNHXX17.zip