SENSE
- Layout for this exercise:

1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Sense, what is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu/
2 - ENUMERATION
- Sense's IP is 10.10.10.60:

- Scanning with Nmap there are just two open ports:

- Going to the web server we find a pfSense (open source firewall and router) login page:

- Dirbusting Sense for files of .txt and .php extensions:

- The result shows two promising text files to be read: changelog.txt and system-users.txt

- Reading changelog.txt we learn that there is still one unpatched vulnerability:

- Reading system-users.txt we learn interesting information about credentials:

- On the one hand we have discovered the user rohit, on the other hand we know that his password is pfSense's default:

- To sum it up we have rohit:pfsense to login to the pfSense management interface:


- It is noticeable that the pfSense version number is 2.1.3:

3 - EXPLOITATION
- Looking for vulnerabilities and exploits related with pfSense:

- For instance Metasploit provides this exploit:

- Let's start our exploitation process by launching Metasploit:

- Setting options:

- Running the exploit we get a successful Meterpreter session:

- Searching for information about the system:

- Because we have root privileges there is no need of Privilege Escalation:

- Getting a shell and improving it:


4 - CAPTURING THE FLAGS
- Locating and reading user.txt:

- Locating and reading root.txt:
