CACTI
OFFSEC - Proving Grounds - CACTI
·1813 words·9 mins
OFFSEC PG PRACTICE
CACTI
Cacti v1.2.28 on port 80 exploited via CVE-2025-24367 for webshell, gaining initial access as www-data. Found credentials in config.php, reused to escalate to root.