Official Cerberus Discussion

did you proxy metasploit?

I managed to pwned it.

where can i get username and password for exploit?

Got root on webserver but stuck now, someone with a nudge to go further so I can get a cmd of the user in Windows?

Hello , i found a script to PE from firejail but when i sudo su - (after … --join ) , the system says that i am not in the list of sudoers .

Don’t use sudo :slight_smile:

Rooted :slight_smile:

oh , yes , sometimes it s so simple that i even try it XD

for the exploit RCE , do i need username and password, if so what file on the server has it?
I stuck at very first

1 Like

i am in same problem ,how to get username and password for the web?

yes you need one . search on the web for the config files of icinga and you will find it with the lfi you should allready found.

i found a ticket , got the hash but no way to connect with evil-winrm on the windows box with the machine account found in the ticket or with the only known user on the linux box … is there an other account to found on the linux box ?

Do you have direct access to the windows box?

yes now , i am in . Not directly (evil-winrm through chisel ) . But i have to dig into the windows box now

1 Like

After the exploit and join, did you try sudo in a different terminal?

I have the hashes from the shadow file after getting root on the second exploit (or third), but can’t get John to crack them. I used —format=crypt and the 10 million list after Rock You wasn’t working.

you can’t crack this one , i think it is too complex . you have to go out this first box flags are not on the linux box.A linux can join an active directory too…

I thought I needed the credentials to get to the Windows box; using chisel. Or maybe evil-winrm but I would think that wouldn’t work to the 172 address of the DC.

I found the correct hash… it was stored in the cache. Cracked it in minutes. Will look into next step tomorrow or next day. Work, so this happens on the side.

1 Like

just got the user… pheww… that took alot out of me… :yawning_face: