![]() This is going to be in the client body, so add the http_client_body option. ![]() ![]() If you are using target based (which now a days you should be), you need to add the service http keyword. This PoC explain how to exploit Wing FTP Server 6.3.8 to get Remote Code Execution Your custom rule sids should be 1000000 or above, anything below this is reserved for the snort distribution rules.Wing FTP Server 6.3.8 - Remote Code Execution Having this in the rule will no prevent the rule from triggering if you aren't using target based, so it's also a good practice to put this in if you know the service this traffic is. Multiple vulnerability was founded on Wing FTP Server 6.3.8: #Wing ftp server exploit how to Wing FTP Server is an easy-to-use, powerful, and free FTP server software for Windows, Linux, Mac OS, and Solaris. It supports multiple file transfer protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, giving your clients flexibility in how they connect to the server. You can also monitor server performance and online sessions and even receive email notifications about various events taking place on the server.Īnd it provides admins with a web-based interface to administrate the server from anywhere. The C:\Program Files (x86)Wing FTP Server_ADMINISTRATOR\admins.xml file stores the admin credentials by saving the password in an md5 hash, which can be easily deciphered, as shown in the image below: When accessing the Wing FTP Server remote management panel, the credentials are transmitted in clear, as shown in the image below:Īnother vulnerability found is the unprotected storage of the application's admin credentials. In the remote management panel there is a console written in the LUA language, which can be exploited to execute commands in the Operating System through the os.execute() function native to lua.īelow is a remote command execution PoC through the lua console to obtain a reverse shell on the target machine.
0 Comments
Leave a Reply. |