# cacti

### Interesting Paths

```
# version
/CHANGELOG

# config file
/usr/share/cacti/cacti/include/config.php
/usr/share/cacti/cacti/include/config.php.dist
```

### Default Credentials

```
admin:admin
```

### RCE (unauthenticated)

v1.2.8

```
https://github.com/mhaskar/CVE-2020-8813
https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/

# if doesnt work try modified one
```

[cacti v1.2.8 unauthenticated RCE](https://github.com/iamkashz/ctf-scripts/blob/main/cacti-unauth-rce-v1.2.8.py)

### RCE (authenticated)

v1.2.12

```
https://www.exploit-db.com/exploits/49810
https://github.com/0z09e/CVE-2020-14295
```