Stuck PRTG Network Monitor within Attacking Common Applications getting the flag

i am stuck on the section to get the flag. i have added to command “test.txt;net user prtgadm1 Pwn3d_by_PRTG! /add;net localgroup administrators prtgadm1 /add” to the exucute program and sent the test notification but when i try to login with CrackMapExec or evilwinrm i am getting a wrong credential. how do i move forward?

I have actually the same issue. I cant find a way to run the code i put in the notification i create via the test function. The version that is shown on the module is older than the one that is on the VM we need to exploit.

Did you manage to solve that? I was able to create a notification and I think I was also able to create a new user, but what next? I trief evil-winrm, etc. but nothing worked :frowning:

Well… It is not realy a “great” solution, but I managed to get the flag using metasploit (use exploit(windows/http/prtg_authenticated_rce)). It always feels a bit like cheating, if I am not able to get it running with like a reverse shell via nc or something alike…