To be honest I could not root this machine for 20 minutes. I had spent about 1,5 hours before I reached the aim. It involved enumeration, bruteforcing, bypassing bash restrictions and reverse shell. Let’s begin our pentest.
Ok, we downloaded and installed the Funbox. Than, using netdiscover, we recognized it’s IP-address: