Saturday, February 2, 2019

Sense


SENSE

- Layout for this exercise:





1 - INTRODUCTION

- The goal of this exercise is to develop a hacking process for the vulnerable machine Sense, which is a retired machine from the Hack The Box pentesting platform:

https://www.hackthebox.eu/

2 - ENUMERATION

Sense's IP is 10.10.10.60:




- Scanning with Nmap shows just two open ports:




- Going to the web server, we find a pfSense (open source firewall and router) login page:






- Dirbusting Sense for files with .txt and .php extensions:





- The result shows two promising text files to be read: changelog.txt and system-users.txt
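
A defender's view of the dirbusting step above, as an added example that is not part of the original post: a wordlist scan for .txt and .php files appears in the web server's access log as one client producing a run of 404s, and the few 200s mixed in are the files it found. The log lines are constructed and assume Common Log Format; the function name and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: client, identity, user, [time], "request", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
PROBED_EXTS = (".txt", ".php")  # the extensions brute-forced in this walkthrough

# Constructed sample log lines (documentation IP ranges), not captured from a real host.
SAMPLE_LOG = """\
192.0.2.7 - - [02/Feb/2019:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 6690
192.0.2.7 - - [02/Feb/2019:10:00:01 +0000] "GET /admin.txt HTTP/1.1" 404 345
192.0.2.7 - - [02/Feb/2019:10:00:01 +0000] "GET /backup.php HTTP/1.1" 404 345
192.0.2.7 - - [02/Feb/2019:10:00:02 +0000] "GET /changelog.txt HTTP/1.1" 200 271
192.0.2.7 - - [02/Feb/2019:10:00:02 +0000] "GET /config.txt HTTP/1.1" 404 345
192.0.2.7 - - [02/Feb/2019:10:00:02 +0000] "GET /passwords.txt HTTP/1.1" 404 345
192.0.2.7 - - [02/Feb/2019:10:00:03 +0000] "GET /system-users.txt HTTP/1.1" 200 106
192.0.2.7 - - [02/Feb/2019:10:00:03 +0000] "GET /test.php HTTP/1.1" 404 345
198.51.100.20 - - [02/Feb/2019:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 6690
198.51.100.20 - - [02/Feb/2019:10:05:09 +0000] "GET /favicon.txt HTTP/1.1" 404 345
"""

def find_forced_browsing(log_text, min_misses=5, min_miss_ratio=0.5):
    """Return {client_ip: {"misses": int, "found": [paths]}} for clients whose
    .txt/.php requests are mostly 404s, i.e. look like wordlist guessing."""
    stats = defaultdict(lambda: {"total": 0, "misses": 0, "found": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        path = m["path"].split("?", 1)[0].lower()  # ignore any query string
        if not path.endswith(PROBED_EXTS):
            continue
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["misses"] += 1
        elif m["status"] == "200":
            s["found"].append(path)  # files the scanning client actually retrieved
    return {
        ip: {"misses": s["misses"], "found": sorted(set(s["found"]))}
        for ip, s in stats.items()
        if s["misses"] >= min_misses and s["misses"] / s["total"] >= min_miss_ratio
    }

if __name__ == "__main__":
    print(find_forced_browsing(SAMPLE_LOG))
```

The "found" list is the part to review first: any file in it that should not be publicly readable, such as notes or changelogs left in the web root, has already been read by the scanning client.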





- Reading changelog.txt, we learn that there is still one unpatched vulnerability:




- Reading system-users.txt, we learn interesting information about credentials:




- We have discovered the user rohit, and we know that his password is pfSense's default:





- To sum up, we have rohit:pfsense to log in to the pfSense management interface:







- Note that the pfSense version number is 2.1.3:





3 - EXPLOITATION

- Looking for vulnerabilities and exploits related to pfSense:





- For instance, Metasploit provides this exploit:





- Let's start our exploitation process by launching Metasploit:




- Setting options:





- Running the exploit, we get a successful Meterpreter session:




- Searching for information about the system:




- Because we have root privileges, there is no need for privilege escalation:




- Getting a shell and improving it:






4 - CAPTURING THE FLAGS

- Locating and reading user.txt:





- Locating and reading root.txt: