Writeup: Cerberus

Descripción

Cerberus ejemplifica una cadena de ataque compleja, desde enumeración web limitada y vulnerabilidades en Icinga, pasando por contenedores Linux, pivot interno y escalada final en AD a través de ADSelfService Plus.

Temas

• Network and Portscannign

• Discovery of the Subdomain (Icinga Web 2)

• Path Traversal (CVE -2022-24716) Discovery of Credentials in resources.ini

• Exploitation (Icinga Web 2 - 2.9) Authenticated Remote Code Execution (CVE -2022-24715)

• Abusing the Binary Firejail SUID (CVE -2022-31214) Privileges Escalation of Container

• Discovering Hashes Sha512 with Linpeas.sh + Hash Cracking with John

• Portforwarding with Chisel - Intrusion Via WinRM (Windows DC Machine)

• Enumeration and Discovery of Manageengine AdSelfservice Plus Ports TCP 443 and 9152

• Explotation ManageEngine ADSelfService Plus (CVE -2022-47966) Privilege Escalation with Metasploit

Video Chaos

Relaciones con otras máquinas

• Editorial

Recursos

• Path Traversal Vulnerabilities in Icinga Web
• Icinga Web 2 - Authenticated Remote Code Execution 2.8.6, 2.9.6, 2.10
• Chisel
• Rappit 7 - Metasploit
• Firejail exploit SUID

Referencias