Official Cerberus Discussion

Nice man, have fun :tophat:

Thanks man… any hints on gaining initial access?
I'd appreciate it

It's a hard box, you know. You shouldn't start with this one if it's one of your first; otherwise, you're almost sure to disgust yourself.
If you're okay with this box, you should find many clues in this thread about the initial access.


Anyone eager to give some tips about the first RCE?
Keep trying but can't get it to work… :sweat_smile:

Nudge for the container breakout would be great :slight_smile:
Already accomplished RCE, PrivEsc and found the keytab. No luck with port forwarding and WinRM.

Hint for privesc?

Use chisel for port forwarding


Sure, PM me


firejail

Popped root in the nixenv, but am having nothing but issues running traffic through a tunnel. You mind if I PM you for a chisel sanity check? Have not gotten any results at all for a portscan.

Sure


Is forging a ticket from the keytab the right path?
Looks like no suitable SPN for the DC in the keytab. I tried to forge one but failed to authenticate to WinRM.

No, enumerate the machine more. There is a user on the Linux machine and it exists there for a reason.

Check out configs and dbs used by AD on Linux systems


Any tips for administrator? Already got user flag.

Check out listening ports, use port forwarding.
Try to log in to the app and sniff all requests/responses.
Look for a CVE; you should already have all the parameters for it on hand.


Thanks. I've seen its log when searching for some info.
Now investigating more on it.

I still have a problem uploading anything using the SSH resource form. I don't know what is wrong. ssh-keygen -t rsa -b 4096 -f ./mykey is in my opinion correct. But the form still has a problem: "The given SSH key is invalid".
Does anyone have any idea what could be wrong with the key?
When I tried to use the payload directly with a definitely working crt file using file:///filepath… it also finishes with the mentioned error. I'm unhappy that I haven't been able to figure out what is wrong for days. Using BurpSuite it is also the same.
I reset the box and again the same…
Thanks for the help

You can generate a key not only with ssh-keygen :slightly_smiling_face:


Oh, you are right, openssl… I'm so stupid. Thanks a lot for the kick :slight_smile:

Jesus, 3 days… working now. Thanks a lot… :smiling_face_with_three_hearts:
