HackTheBox — Sense Writeup
Sense is a Medium level Oscp like linux box on HackTheBox.Before we start, DO NOTE that the firewall will block you after 15 tries of logging in while bruteforcing the login panel.This is the reason why the box has a low rating(2.8) as users think that the box is broken and has problem.However it works fine.
ENUMERATION
We do an nmap scan and find port 80 and 443 open
Port 80 redirects us to the admin panel of pfsense.I tried using the default credentials(admin:pfsense) however that doesnt work. Next, I tried finding hidden directories using dirsearch
I did find some however they were not very useful. Turns out that there are two directories changelog.txt & system-users.txt which we could had found using gobuster by looking for extensions such as txt and php using the (-x) option of gobuster
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.10.10.60 -k -x php,txt,conf
We can finally log in to pfsense using the credentails → rohit:pfsense
Now if we google pfsense exploit, we will find a lot of exploits and its hard finding the right one however this one seemed to work.There is also a metasploit version for it which you can find in some other writeup.
https://www.exploit-db.com/exploits/43560
Lets run the github version
and we finally get a shell.
We are already Root ! thats great. You wont be able to stablize the shell using python as it crashes so simply go to the right directory and find the flags.
I hope you found thw writeup helpful.For more such OSCP like writeups follow me here on Medium.Until Next Time…
- ZEUS