**Key Finding:** Running inside a Wing FTP Server installation on the actual host (not Docker).
wingdata.htbAfter gaining initial access, checked the environment:
whoami
# Output: wingftp
pwd
# Output: /opt/wftpserver
ls
| Item | Type |
|---|---|
| Data/ | Directory |
| Log/ | Directory |
| lua/ | Directory |
| session/ | Directory |
| session_admin/ | Directory |
| webadmin/ | Directory |
| webclient/ | Directory |
| License.txt | File |
| pid-wftpserver.pid | File |
| README | File |
| version.txt | File |
| wftpconsole | Binary |
| wftp_default_ssh.key | Key |
| wftp_default_ssl.crt | Certificate |
| wftp_default_ssl.key | Key |
| wftpserver | Binary |
Key Finding: Running inside a Wing FTP Server installation on the actual host (not Docker).
cat /etc/passwd | grep -E "bash|sh$"
| Username | UID | Home | Shell |
|---|---|---|---|
| root | 0 | /root | /bin/bash |
| wingftp | 1000 | /opt/wingftp | /bin/bash |
| wacky | 1001 | /home/wacky | /bin/bash |
Target user: wacky
Confirmed we’re on the host system, not in a container:
mount | grep -v overlay
# Shows normal filesystem mounts, no Docker overlay
Contact me on Discord or LinkedIn for the password.
Contact on DiscordHackTheBox policy restricts publishing walkthroughs for active-season machines. This writeup is password-protected to respect that policy while keeping the content available to those who already have access.