Machine Synopsis
`WingData` is an easy-difficulty Linux machine featuring a Wing FTP Server web client exposed on port `80` via an Apache reverse proxy. The instance is running version `7.4.3`, which is vulnerable to CVE-2025-47812; the flaw allows unauthenticated remote code execution through the anonymous user account, giving a foothold as `wingftp`. Enumerating the server's configuration directory reveals salted SHA-256 password hashes. The hash for `wacky` is successfully cracked, and the recovered credentials are reused for SSH access. Privilege escalation is achieved via a `sudo` rule allowing `wacky` to run a Python backup restoration script as `root`. The script invokes Python's `tarfile` module, which is vulnerable to CVE-2025-4517, and this flaw is leveraged to get a root shell.
Machine Matrix