CVE-2018-9276

This exploit leverages an authenticated RCE vulnerability in PRTG Network Monitor by creating malicious notifications that execute arbitrary commands via crafted file writes and PowerShell execution. It adds a new admin user 'pentest' with a known password.

This is a Python-based exploit for CVE-2018-9276, an authenticated command injection vulnerability in PRTG Network Monitor versions prior to 18.2.39. The exploit automates the process of obtaining a session, creating a malicious file, and executing a reverse shell payload.

This repository contains a functional Python exploit for CVE-2018-9276, an authenticated remote code execution vulnerability in PRTG Network Monitor 18.2.38. The exploit leverages an unsanitized 'message_10' parameter in the notification system to inject and execute arbitrary commands via a crafted EXE/Script notification.

This repository contains a Python3 exploit for CVE-2018-9276, an authenticated command injection vulnerability in PRTG Network Monitor versions prior to 18.2.39. The exploit leverages Impacket for SMB operations and establishes a reverse shell via crafted notifications.

This script exploits an authenticated RCE vulnerability in PRTG Network Monitor by creating malicious notifications that execute arbitrary commands via file creation and user addition. It leverages the notification system to trigger payload execution.

This repository contains a functional Python exploit for CVE-2018-9276, a command injection vulnerability in PRTG Network Monitor. The exploit leverages the `message_10` parameter in a POST request to execute arbitrary commands, specifically adding a new user with administrative privileges.

This repository contains a functional Python3 exploit for CVE-2018-9276, an authenticated command injection vulnerability in PRTG Network Monitor versions prior to 18.2.39. The exploit leverages Impacket for SMB operations and establishes a reverse shell via crafted HTTP requests to the PRTG API.

This Metasploit module exploits an authenticated RCE vulnerability in PRTG Network Monitor by creating and triggering a malicious notification with a PowerShell payload. The exploit chains poorly validated input in the script name to execute arbitrary commands under a privileged context.