HackTheBox — Sense Writeup

ZeusCybersec
3 min readNov 1, 2022

Sense is a Medium level Oscp like linux box on HackTheBox.Before we start, DO NOTE that the firewall will block you after 15 tries of logging in while bruteforcing the login panel.This is the reason why the box has a low rating(2.8) as users think that the box is broken and has problem.However it works fine.

ENUMERATION

We do an nmap scan and find port 80 and 443 open

Port 80 redirects us to the admin panel of pfsense.I tried using the default credentials(admin:pfsense) however that doesnt work. Next, I tried finding hidden directories using dirsearch

I did find some however they were not very useful. Turns out that there are two directories changelog.txt & system-users.txt which we could had found using gobuster by looking for extensions such as txt and php using the (-x) option of gobuster

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.10.10.60 -k -x php,txt,conf

2 out of 3 vulns are patched that means 1 vulnerability still exists !
we found credentials

We can finally log in to pfsense using the credentails → rohit:pfsense

Now if we google pfsense exploit, we will find a lot of exploits and its hard finding the right one however this one seemed to work.There is also a metasploit version for it which you can find in some other writeup.

https://www.exploit-db.com/exploits/43560

Lets run the github version

and we finally get a shell.

We are already Root ! thats great. You wont be able to stablize the shell using python as it crashes so simply go to the right directory and find the flags.

I hope you found thw writeup helpful.For more such OSCP like writeups follow me here on Medium.Until Next Time…

- ZEUS

--

--

ZeusCybersec

I am a Penetration Tester, Currently pursuing OSCP. Skilled in Network Pen-testing and Developing Security Tools using Python. YouTube-ZeusCybersec