

I’ve mentioned this before but SSH on port 22 in terms of penetration testing is rarely the initial entry point for a box.

However we don’t find anything else useful. Here again we confirm the hidden directories we found with Gobuster. When I encounter a webserver or a HTTP port I always can it with Nikto. Only a couple of directories and nothing that looks particularly interesting. gobuster dir –wordlist /usr/share/wordlists/dirb/big.txt –url 172.31.1.9ĭidn’t find very much using Gobuster. I’ll use Gobuster to find any hidden directories that might be lurking behind port 80. SSH on 22, a web server on 80, and a uncommon port of 6379 which is hosting Redis 4.0.8. Get in the habit of scanning all TCP ports, as with Red if you only scan the top 1000 ports you will miss port 6379. In the remote management panel there is a console written in the LUA language, which can be exploited to execute commands in the Operating System through the os.execute() function native to lua.īelow is a remote command execution PoC through the lua console to obtain a reverse shell on the target machine.As per usual we start with a Nmap scan of the target. The C:\Program Files (x86)Wing FTP Server_ADMINISTRATOR\admins.xml file stores the admin credentials by saving the password in an md5 hash, which can be easily deciphered, as shown in the image below: When accessing the Wing FTP Server remote management panel, the credentials are transmitted in clear, as shown in the image below:Īnother vulnerability found is the unprotected storage of the application's admin credentials. You can also monitor server performance and online sessions and even receive email notifications about various events taking place on the server. And it provides admins with a web-based interface to administrate the server from anywhere. It supports multiple file transfer protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, giving your clients flexibility in how they connect to the server. Wing FTP Server is an easy-to-use, powerful, and free FTP server software for Windows, Linux, Mac OS, and Solaris. Multiple vulnerability was founded on Wing FTP Server 6.3.8: This PoC explain how to exploit Wing FTP Server 6.3.8 to get Remote Code Execution

Wing FTP Server 6.3.8 - Remote Code Execution
