Official Cerberus Discussion

redawl · March 20, 2023, 11:30pm

Anyone know if there should be a service running on port 9251? Seems like there should be but I don’t see it listed in netstat

princofwales · March 20, 2023, 11:30pm

Got creds. Trying to get user, trying to build a payload.

Victorhin0 · March 20, 2023, 11:40pm

Trying to form the payload using this method, but it doesn’t seems to be accepted… I’m clueless

simpson1987 · March 21, 2023, 12:22am

i have root on the container.
any hints on breaking out of the container.

0xc0rvu5 · March 21, 2023, 12:32am

Also struggling here. Can obtain an NTLM hash from krb5.keytab, but not sure what to do with it yet.

supermeisty · March 21, 2023, 1:01am

Also struggling to get the RCE to work. Read the blog post thorougly but still can’t understand where to go from here. Any hints would be appreciated

lim8en1 · March 21, 2023, 1:45am

Why do you need to find one if you can create one?

lim8en1 · March 21, 2023, 1:46am

there should be a service there, yeah

podsrus · March 21, 2023, 1:50am

Im not able to find a .pem file to write to. I tried default locations and to no avail. Any help via DM will be greatly appreciated!

lim8en1 · March 21, 2023, 1:51am

Any hints on getting to the admin? I think I’ve found the vulnerability but I’m struggling with triggering it.

n0x103 · March 21, 2023, 2:59am

i ended up using msf since the POC wasn’t working for me even with all the same parameters. I assume probably a payload issue.

lim8en1 · March 21, 2023, 4:31am

wth, metasploit worked fine with the same parameters 0.o

lim8en1 · March 21, 2023, 5:55am

PM me if you need hints for the box. Imo this box is really hard, even if you have a general idea of what to do next you often find yourself struggling with how exactly to do that.
The bad thing is how annoying it is to restore access to the windows after getting user and taking a break or getting some network connection issues (maybe I should have worked more on automation of getting the foothold though).
It was a nice try harder machine overall.

D3rix · March 21, 2023, 10:33am

Need help, I’ve added the redirect to my hosts but still don’t get any response from the webserver…

D3rix · March 21, 2023, 10:34am

I’m having the same issue… Have you gotten pass it?

SaintStaunch · March 21, 2023, 10:38am

icinga.cerberus.local

^^ add it to etc hosts like that, with the ip for your instance before it and tab instead of space between the ip and the domain name

D3rix · March 21, 2023, 11:34am

I tried… still not getting response

SaintStaunch · March 21, 2023, 11:47am

Have you pinged the RHOST? What browser are you using? BurpSuites default port is 8080, try with that off maby? IN the shell you executed your VPN key . Does it say Initialization Sequence Completed at the bottom? If not, run it with sudo. If still not ? Download new VPN keys !

Im0s · March 21, 2023, 11:48am

Hello,

I’m trying to escape the container … any tips ?

D3rix · March 21, 2023, 11:54am

Thanks finally got t the login page

Topic		Replies	Views
Official Compromised Discussion Machines	210	22163	January 25, 2021
Official Surveillance Discussion Machines	97	6492	April 19, 2024
Official Hancliffe Discussion Machines	12	1584	March 4, 2022
Remote Machines	1025	136113	March 27, 2021
Official Omni Discussion Machines	358	40585	January 12, 2021

Official Cerberus Discussion

Related topics