Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link .
FUNHXX17.zip is a target file associated with the (sometimes referred to as Funbox 11 or UnderTheGround) Capture The Flag (CTF) machine, available on platforms like Vulnhub and OffSec's Proving Grounds. Write-up: Funbox UnderTheGround (FUNHXX17.zip) FUNHXX17.zip
After gaining a shell as a low-privileged user (often www-data or tom ): Check for binaries that can be run as root. Because the unzipping process often runs with high
Because the unzipping process often runs with high privileges (or as a user with write access to the webroot), you can create a malicious zip file containing a symbolic link .
FUNHXX17.zip is a target file associated with the (sometimes referred to as Funbox 11 or UnderTheGround) Capture The Flag (CTF) machine, available on platforms like Vulnhub and OffSec's Proving Grounds. Write-up: Funbox UnderTheGround (FUNHXX17.zip)
After gaining a shell as a low-privileged user (often www-data or tom ): Check for binaries that can be run as root.
Copyright KidsQuranReading.com