HTB Netmon Walkthrough (Metasploit)
We can start off by running an nmap scan to see what is open.
We can see that FTP is open, so let's start there and see if we can log in as Anonymous.
We got a successful login, so let's start enumerating and see what we can find.
We were able to get the user.txt file out of C:/Users/Public. Let's see what else we can find.
After a bit of enumeration we found PRTG Configuration.old.bak in the C:/ProgramData/paessler/PRTG Network Monitor directory. Let's look in it and see if we can find anything.
Digging through the file, we came across what looks to be a username and password. Let's head over to the website and see if we can use them there.
Using the username and password we found, we get a login failed. I noticed that the password ended in 2018, so let's try increasing the year and see if that will work.
Success, we now have a username and password! Let's see if we can find any exploits for this system.
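From the defender's side, the year bump that worked above is a rotation pattern a password-change check can reject. The following is an added example, not part of the original walkthrough; the function names and sample passwords are constructed for illustration, and it assumes the check runs at change time, when the user supplies the current password in cleartext.

```python
import re

# Placeholder substituted for the parts users typically bump when "rotating".
_SLOT = "\0"
# A digit run containing a year (1900-2099), or any digit run at the end of the
# password (optionally followed by trailing punctuation such as "!").
_BUMPABLE = re.compile(r"\d*(?:19|20)\d{2}\d*|\d+(?=\W*$)")


def skeleton(password: str) -> str:
    """Reduce a password to what stays the same across trivial rotations."""
    return _BUMPABLE.sub(_SLOT, password).casefold()


def is_predictable_rotation(old: str, new: str) -> bool:
    """True if `new` is `old` with only a year, counter or letter case changed."""
    return skeleton(old) == skeleton(new)


def rejected_against(known: list[str], candidate: str) -> list[str]:
    """Return the known passwords that `candidate` is a trivial rotation of."""
    return [old for old in known if is_predictable_rotation(old, candidate)]


if __name__ == "__main__":
    # Constructed sample values, not taken from the box.
    known = ["Example!2018", "Summer7!"]
    for candidate in ["Example!2019", "summer12!", "correct horse battery staple"]:
        hits = rejected_against(known, candidate)
        print(f"{candidate!r}: {'REJECT, rotation of ' + repr(hits) if hits else 'ok'}")
```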
Using Metasploit, we can see that there is an authenticated RCE. Let's load this up with our username and password and see if we can get a shell.
Looks like using this exploit we were able to get a shell as SYSTEM. From here we can go to the admin directory and get the root flag.
- @ August 10, 2021 1:46 am