Skip to main content

One post tagged with "Weak Authentication"

Weak authentication refers to the use of inadequate or easily compromised methods to verify the identity of users or systems accessing a network or system. This can include using weak passwords, default or hard-coded credentials, or unsecured protocols such as Telnet or FTP. Weak authentication makes it easy for attackers to gain unauthorized access and compromise sensitive data, making it a significant security risk that must be addressed.

View All Tags

HTB | Netmon | Write-Up

· 16 min read

Summary:

We navigate the Hack The Box website starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information and identify an FTP server running on it. We use anonymous authentication to access the FTP share, then enumerate the files available on this share.

Continuing our investigation, we access the NETMON configuration files and extract user credentials from them. Modifying these credentials to suit our needs, we proceed to access the PRTG Network Monitor web interface. Utilizing Metasploit's capabilities, we exploit CVE-2018-9276 to gain shell access with the "LocalSystem" account, thereby achieving system level access. With this access in hand, we grab both the user flag and root flag, ultimately declaring System Own status once these tasks are accomplished.

Machine Name: Netmon | Difficulty: Easy | OS: Windows