Poc

Being Stubborn Pays Off pt. 2 – Tale of two 0days on PRTG Network Monitor

22 May 2020 ~9 min By Javier Jimenez

0day Exploit Development Webapps Dos Monitor Network Poc Proofofconcept Prtg Prtg Network Monitor Rce Shodan

0day
Exploit Development
Webapps
Dos
Monitor
Network
Poc
Proofofconcept
Prtg
Prtg Network Monitor
Rce
Shodan

Intro Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and analysis of two additional vulnerabilities that were discovered during the process; one leading to an arbitrary write as system where the contents can’t be fully controlled and the other leading to Remote Code Execution as SYSTEM. Both vulnerabilities require you to have the administrator password for PRTG Network Monitor. Often you just get lucky, as the software defaults to prtgadmin:prtgadmin for the username and password respectively.

Page 1 of 1