It labs available on vulnhub, tryhackme and offsec

I solve this lab in offsec play labs

Port Scanning First,

We scanned our Monitoring Lab with nmap using the following command:

And these show the result:

let’s see what’s on 80 and 443 first of all.Run website;

Same content for both 80 and 443 ports.

It any Nagios XI website I don’t know I search in google.

click on Access Nagiox XI, it redirect to login page

let’s try with metasploit if we can get something. Let’s search for nagios with:

let’s try with metasploit if we can get something. Let’s search for nagios with:

• msfconsole

and then

• search nagios

we got this:

We used the Nagios_xi_authenticated_rce module and we set all the need information and then run:

The RHOST is the Monitoring box, LHOST is your attacking machine (Kali in this case) and PASSWORD is the password which will be used for login.

Successfully you hack this machine and u can assess all directory of website,