Cerberus
Cerberus
Cerberus 534
Cerberus
RETIRED MACHINE

Cerberus

Cerberus - Windows Windows
Cerberus - Hard Hard

4.3

MACHINE RATING

1754

USER OWNS

1286

SYSTEM OWNS

18/03/2023

RELEASED
Created by TheCyberGeek & TRX

Machine Synopsis

Cerberus is a Hard Difficulty Windows machine that initially presents a scant range of open services. The primary point of entry is through exploiting a pre-authentication vulnerability in an outdated `Icinga` web application, which then leads to Remote Code Execution (RCE) and subsequently a reverse shell within a Linux container. Here, a `Firejail` `SUID` binary is discovered, which can be manipulated for privilege escalation inside the container using `CVE-2022-31214`. Further investigation reveals that the machine utilizes `Kerberos` authentication with `sssd`, harboring a cached credential hash. Once cracked, this credential can is reused on the host machine, although this necessitates the forwarding of the `WinRM` port for access. Various local ports, some specific to `ADSelfService Plus`, are found active on the host machine, authenticated through `SAML`, and linked to a known CVE (`CVE-2022-47966`) with an available Metasploit module. The final hurdle involves careful enumeration of the filesystem to locate a `ManageEngine` backup, which provides the necessary data for exploiting `ADSS SAML` authentication.

Machine Matrix

Ready to start your
hacking journey?