WingData is a Linux machine running a vulnerable instance of Wing FTP Server. Initial access is achieved through an unauthenticated Remote Code Execution vulnerability that allows Lua injection via the web interface. Privilege escalation exploits a Python tarfile symlink filter bypass to write arbitrary files as root.
You need to be signed in to access protected stories.
For hints/guidance/requests, you can join our Discord Server
*Following HTB policies, the solutions to live machines will not be shared publicly even on the Discord server.