PRTG Network Monitor
Introduction
Network monitor software, prevalent in
internal networks
Typical ports:
80
,443
,8080
Default credentials:
prtgadmin:prtgadmin
PRTG Network Monitor Authenticated RCE [CVE-2018-9276]
Affected versions: versions prior to
18.2.39
Description: When creating a new notification, the Parameter field is passed directly into a PowerShell script without any type of input sanitization
Steps to reproduce:
Login
βSetup
βAccount Settings menu
βNotifications
βAdd new notification
Give the notification a name
Scroll down and tick the box next to
EXECUTE PROGRAM
Under
Program File
, selectDemo exe notification - outfile.ps1
from the drop-down.In the
parameter field
, enter a command.Example - add a new local admin user:
test.txt;net user prtgadm1 Pwn3d_by_PRTG! /add;net localgroup administrators prtgadm1 /add
After clicking
Save
, we will be redirected to the Notifications page and see our new notification named pwn in the list.Click on
Test
orRun
to xecute the notification and run the command
Last updated
Was this helpful?