Prtg Network Monitor Exploit With POC

HacktheBox Irked: Walkthrough
April 27, 2019
Hackthebox Lightweight Walkthrough
May 11, 2019
Share This:

Prtg Network Monitor Exploit With POC

PRTG Network Monitor (Paessler Router Traffic Grapher until version 7) is an agentless network monitoring software from Paessler AG. It can monitor and classify system conditions like bandwidth usage or uptime and collect statistics from miscellaneous hosts as switches, routers, servers and other devices and applications.

Gathering Creds

If you Have Creds to login PRTG Admin panel its fine and if you don’t have you have to somehow get the creds from

C:\Programdata\Paessler\PRTG Network Monitor\

In this folder check for the PRTG Configuration.dat or
PRTG Configuration.old.bak

Old version of prtg network monitor contain the password in plain text.

Now you can just find a string from the file like default username prtgadmin this will revel password also

Now Lets Login

Exploiting:

Prtg network monitor is vulnerable of command injecting

We can create notifications and can execute them

Now we Need to create New Notification To Do So Click On Add New Notification

Now Here We can give any Command We want to execute

First give any name to notification then scroll down and Select Execute Program

Now in program file option try to select both one by one to see which one works for you

And in Parameter section give the command after one command which you want to execute

Example : test.txt ; HEREGIVETHECOMMAND.

Now You need to execute the notification to do so

First Save the notification then select your notification

And Now Click on the notification bell to execute this

https://i0.wp.com/thehackingtutorials.com/wp-content/uploads/2019/04/fi.png?fit=1024%2C459&ssl=1

The command is successfully run’s

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: