HTB Starting Point — Funnel

Box info
OS: Ubuntu 20.04.5 LTS (Linux 5.4.0-135-generic)
Difficulty: Very Easy
Tier: 1
Status: Starting Point
Skills: FTP enumeration, SSH login, local port discovery, PostgreSQL, SSH tunneling
Pwned: 2026-04-28

TL;DR

Funnel is a Tier 1 box that teaches SSH pivoting through an FTP credential leak. A port scan finds only FTP (21) and SSH (22). Anonymous FTP access reveals a company welcome letter and a password policy PDF. The default password funnel123#!# combined with one of the listed usernames grants SSH access as christine.

Inside the system, PostgreSQL is running on 127.0.0.1:5432 (inside a Docker container). It’s not reachable from outside. An SSH local port forward tunnels the database port to the attacker machine. Connecting to PostgreSQL as christine with the default password reveals a secrets database containing the flag.

A multi-step chain: FTP → credentials → SSH → port forward → PostgreSQL → flag. ...

April 28, 2026 · 8 min · crAIzy