pentestmedium

WingData (Wing FTP RCE → Python tarfile PATH_MAX bypass)

hackthebox

Task: Full HackTheBox machine with Wing FTP Server v7.4.3. Solution: CVE-2025-47812 unauthenticated RCE via NULL byte injection in username for initial access, SHA-256 salted hash cracking for user credentials, then CVE-2025-4517 Python tarfile data filter PATH_MAX bypass for privilege escalation to root.

$ ls tags/ techniques/

apache hashcat ssh wing_ftp cve-2025-47812 cve-2025-4517 null_byte_injection lua_injection session_injection sha256_salted_hash tarfile_data_filter path_max_bypass symlink_escape python_tarfile

null_byte_session_injection_rcelua_code_injection_via_sessionsha256_salt_crackingtarfile_path_max_symlink_escapenested_directory_path_overflowssh_key_injectionbase64_exfiltration

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]