Abusing SolarWinds Network Performance Monitor for Post-Exploitation
Background: During a pentest late last year I got access to a SolarWinds Network Performance Monitor (NPM) application via its web administration console. I got lucky, the admin had just started setting it up and he/she hadn’t gotten around to changing its default credentials. I didn’t think much of the access at first, all I…