This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Because the script name input is poorly validated, a user-supplied command can be chained to it, allowing command execution in the context of a privileged user. The module uses the provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a PowerShell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
c4ad3f67d521bd09be953b85a6d838485af4c4523264fbbbeb295896439dc54a
PRTG Network Monitor version 18.2.38 authenticated remote code execution exploit.
caa8e8d6c84347a1761464ae9cd384e08ce642f7747909ce0a123c579c8d1899
PRTG versions prior to 18.2.39 suffer from a command execution vulnerability.
be172df4e5e049f038651f97c69949e433053a898b84ab8c3c1091021c78c536