HTB Netmon WIP writeup
This is a very old machine but that doesn’t mean we can’t practice it and learn something.
- Always add to our /etc/hosts file
2. nmap to find any entry points
3. Install FTP (apt install ftp) if you’re using ParrotSec OS, it is not pre-installed
4. FTP in as anonymous and no password (hit enter when prompted for password)
5. Let’s see what’s in the Users/Public folder
6. We know we can FTP in, but let’s check out the website likely running on port 80
7. Using DuckDuckGo (or your preferred search engine) we can find default creds for PRTG. Try them but no luck
8. Let’s see where PRTG stores its config files (%programdata%\Paessler\PRTG Network Monitor). Back to our FTP session
9. Navigate to the path above and we’ll find three config files. FTP get them all
10. Start with the Configuration.old file first, vi it and /pass then hit enter to search vi for any passwords
11. We are able to use this password along with the default admin name to access the web UI as admin
12. ??? WIP