HackTheBox - WingData

IppSec · Beginner ·🔐 Cybersecurity ·19h ago

Skills: Network Security80%

00:00 - Introduction 01:00 - Start of nmap 03:20 - Searching for vulnerabilities in Wing FTP Server 06:20 - Testing the RCE and running a command 09:30 - Weaponizing the POC to get a reverse shell 12:10 - Shell returned, grabbing the password hashes, discovering it uses a hard-coded salt and then cracking it 22:40 - Got the wacky password and can run a python script with sudo, searching for CVE's found one in tarfile 31:40 - Got our Elevated File Write working, finding safe files to get a shell, crontab did not work. But overwriting the script or sudoers.d file did work

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

Why your Cloudflare Turnstile token works in the browser but 403s from requests

Learn why Cloudflare Turnstile tokens work in browsers but fail with Python requests and how to fix it

Dev.to · Bassem Shahin

Fuzzing Techniques for Vulnerability Discovery

Learn fuzzing techniques to discover vulnerabilities in your code before attackers do, improving your system's security and reliability

Dev.to · Aviral Srivastava

I Built a Browser-Only HTTP Header Analyzer — Security Scoring, Missing Header Warnings, 147 Tests

Learn to analyze HTTP headers for security and best practices using a browser-only tool with 147 tests

Dev.to · Dev Nestio

The Good, the Bad and the Ugly in Cybersecurity – Week 26

Learn about the latest cybersecurity threats and operations in week 26, including global law enforcement successes and ongoing challenges

Dev.to · Mark0

Chapters (8)

Introduction

1:00 Start of nmap

3:20 Searching for vulnerabilities in Wing FTP Server

6:20 Testing the RCE and running a command

9:30 Weaponizing the POC to get a reverse shell

12:10 Shell returned, grabbing the password hashes, discovering it uses a hard-coded

22:40 Got the wacky password and can run a python script with sudo, searching for CV

31:40 Got our Elevated File Write working, finding safe files to get a shell, cronta

Nobara Linux vs Bazzite: Which Gaming Distro Actually Wins? (2026)