Sense
This is my write-up for the machine Sense on Hack The Box located at: https://app.hackthebox.com/machines/Sense.
nmap scan: nmap -T4 -A -v -Pn 10.10.10.60 -oN sense.nmap
There are two ports open, on port 80, we see the following:
It seems that pfSense is running on the system. I tried the default credentials of admin:pfsense, but that did not work out. I ran a dirsearch command (dirsearch -u https://10.10.10.60/
) to see what I was able to get access to and found this:
There still seems to be one vulnerability in place. I ran different searches in the directory to try to find something else, but came up short. When I viewed the official write-up to see what I missed, apparently running the lowercase medium word-list in dirbusters word-list directory would have shown me an IP_Address/system-users.txt file:
The company defaults for pfSense was pfsense. The credentials rohit:pfsense got me into the system:
Searching for "pfsense" on metasploit showed me a couple of results for exploits. I chose one and then fixed the options to work for this box:
I then had a reverse shell:
I was then able to find the user.txt flag in rohit's home directory:
I was then able to get the root flag as well:
Last updated