This PoC explains how to exploit Wing FTP Server 6.3.8 to get Remote Code Execution.

When accessing the Wing FTP Server remote management panel, the credentials are transmitted in clear, as shown in the image below:

Another vulnerability found is the unprotected storage of the application's admin credentials. The `C:\Program Files (x86)\Wing FTP Server\_ADMINISTRATOR\admins.xml` file stores the admin credentials by saving the password as an MD5 hash, which can be easily cracked, as shown in the image below:

In the remote management panel there is a console written in the Lua language, which can be exploited to execute commands in the operating system through the `os.execute()` function native to Lua.

Below is a remote command execution PoC through the Lua console to obtain a reverse shell on the target machine.