HTB - WingData Write-Up

Summary

WingData is a Linux machine built around Wing FTP Server. The intended path chains a Wing FTP unauthenticated RCE into credential recovery for SSH access as wacky, followed by a root escalation through a Python tarfile extraction bug exposed by a sudo-allowed restore script.

Attack chain: Wing FTP exposure → config leakage / credential recovery → SSH as wacky → vulnerable tar restore script → root

Step                  Technique                                            Result
Recon                 nmap, vhost checks, ffuf                             Wing FTP attack surface identified
Initial access        Wing FTP RCE / recovered credentials                 SSH as wacky
Privilege escalation  CVE-2025-4517 (tarfile.extractall(filter="data"))    root

Target ...

31-05-2026 · 5 min · phucrio

HTB - SmartHire Write-Up

Summary

SmartHire is a medium-difficulty Linux machine from HackTheBox. It hosts an AI hiring platform built with Flask on nginx, using MLflow for model management. Initial access is gained via CVE-2024-37054, a pickle deserialization vulnerability in MLflow that allows remote code execution by overwriting a model artifact with a malicious payload. Privilege escalation exploits a writable plugin directory combined with a sudo rule — a crafted .pth file executed by site.addsitedir() runs as root. ...

30-05-2026 · 4 min · phucrio
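The .pth mechanism behind the SmartHire root step is worth seeing in isolation. The block below is an added example, not code from the write-up or from the machine: it writes a .pth file whose single line begins with "import " into a scratch directory, shows that site.addsitedir() exec()s that line in the calling process (under a sudo rule, that process is root), and pairs it with the ownership and permission check a privileged script should run before trusting a plugin directory. The file name, the marker file and the check function are this example's own assumptions, and the check is POSIX-only.

```python
import os
import site
import stat
import sys
import tempfile

PTH_NAME = "zz_plugin.pth"  # hypothetical plugin file name chosen for this example


def write_pth(plugin_dir: str, marker: str) -> str:
    """Drop a .pth file whose single line starts with 'import '. site.addsitedir()
    exec()s such lines verbatim, so the payload runs inside the importing process.
    This payload only writes a marker file; a real one would spawn a shell."""
    line = f"import os; open({marker!r}, 'w').write('pth executed by pid %d' % os.getpid())"
    path = os.path.join(plugin_dir, PTH_NAME)
    with open(path, "w") as fh:
        fh.write(line + "\n")
    os.chmod(path, 0o644)  # fixed mode so the check below does not depend on umask
    return path


def is_trusted_plugin_dir(plugin_dir: str, owner_uid: int = 0) -> bool:
    """Check a privileged script should make before site.addsitedir(): the
    directory and every .pth inside it must be owned by the expected uid, must
    not be symlinks, and must not be writable by group or others (POSIX only)."""
    paths = [plugin_dir] + [os.path.join(plugin_dir, n)
                            for n in os.listdir(plugin_dir) if n.endswith(".pth")]
    for p in paths:
        st = os.lstat(p)
        if stat.S_ISLNK(st.st_mode) or st.st_uid != owner_uid:
            return False
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False
    return True


def demo() -> dict:
    """Plant the .pth, evaluate the trust check in both states, then let
    site.addsitedir() process the directory and observe the side effect."""
    out = {}
    with tempfile.TemporaryDirectory() as plugin_dir:  # created mode 0700
        marker = os.path.join(plugin_dir, "marker.txt")
        write_pth(plugin_dir, marker)
        me = os.geteuid()
        out["trusted_when_private"] = is_trusted_plugin_dir(plugin_dir, owner_uid=me)
        # A world-writable plugin directory, like the one on the box, must fail the check.
        os.chmod(plugin_dir, 0o777)
        out["trusted_when_world_writable"] = is_trusted_plugin_dir(plugin_dir, owner_uid=me)
        out["marker_before"] = os.path.exists(marker)
        site.addsitedir(plugin_dir)  # exec()s the 'import ...' line from the .pth
        out["marker_after"] = os.path.exists(marker)
        out["on_sys_path"] = plugin_dir in sys.path
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Lines that do not start with "import" only get appended to sys.path; the execution primitive is the "import " prefix alone, which is why any directory a lower-privileged user can write to must never be handed to site.addsitedir() by a root-running script.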