HTB Netmon WIP writeup

This is a very old machine but that doesn’t mean we can’t practice it and learn something.

1. Always add to our /etc/hosts file

2. nmap to find any entry points

FTP with anonymous login

3. Install FTP (apt install ftp) if you’re using ParrotSec OS, it is not pre-installed

4. FTP in as anonymous and no password (hit enter when prompted for password)

5. Let’s see what’s in the Users/Public folder

That was… easy.

6. We know we can FTP in, but let’s check out the website likely running on port 80

7. Using DuckDuckGo (or your preferred search engine) we can find default creds for PRTG. Try them but no luck

8. Let’s see where PRTG stores its config files (%programdata%\Paessler\PRTG Network Monitor). Back to our FTP session

We can get into ProgramData

9. Navigate to the path above and we’ll find three config files. FTP get them all

When using ftp get, they will go to the directory you executed the ftp connection from

10. Start with the Configuration.old file first, vi it and /pass then hit enter to search vi for any passwords

11. We are able to use this password along with the default admin name to access the web UI as admin

12. ??? WIP