Once logged in as an administrator on the PRTG dashboard, you can exploit the "Notifications" feature. By creating a new notification that executes a malicious .ps1 or .bat file, you can trigger a reverse shell or create a new admin user. Tools Used Nmap: For port scanning and service identification. FTP Client: To browse the file system anonymously.
For finding PRTG-specific RCE exploits.
To log in once administrative credentials or a new user have been established. HackTheBox Writeup — Netmon - Faisal Husaini netmon-htb
The quickest path to the user flag involves the FTP service: Once logged in as an administrator on the
is an "Easy" rated Windows machine on Hack The Box that focuses on misconfigurations and information disclosure within the PRTG Network Monitor application. Phase 1: Initial Enumeration FTP Client: To browse the file system anonymously