Saturday, February 2, 2019
Sense
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Sense, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu/
2 - ENUMERATION
- Sense's IP is 10.10.10.60:
- Scanning with Nmap shows just two open ports:
- Going to the web server, we find a pfSense (open source firewall and router) login page:
- Dirbusting Sense for files with .txt and .php extensions:
- The result shows two promising text files to be read: changelog.txt and system-users.txt
- Reading changelog.txt, we learn that there is still one unpatched vulnerability:
- Reading system-users.txt, we learn interesting information about credentials:
- On the one hand we have discovered the user rohit; on the other hand we know that his password is pfSense's default:
- To sum up, we have rohit:pfsense to log in to the pfSense management interface:
- It is noticeable that the pfSense version number is 2.1.3:
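- Seen from the defender's side, the finding above is a static text file in the web root that discloses account details. The following added example (not part of the original write-up) audits a document root for such files; the keyword heuristics, the extension list and the sample file contents are constructed assumptions:

```python
import re
import tempfile
from pathlib import Path

# Keywords suggesting a file discusses accounts or passwords (assumed heuristic).
CRED_HINTS = re.compile(r"\b(user(name)?|passw(or)?d|login|credential)s?\b", re.I)
# Extensions a web server usually serves verbatim as static text (assumed list).
STATIC_TEXT_EXT = {".txt", ".log", ".bak", ".old"}

def audit_webroot(webroot):
    """Return {relative_path: [matching lines]} for static text files under
    webroot whose contents mention accounts or passwords."""
    findings = {}
    root = Path(webroot)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in STATIC_TEXT_EXT:
            continue
        hits = [line.strip()
                for line in path.read_text(errors="replace").splitlines()
                if CRED_HINTS.search(line)]
        if hits:
            findings[str(path.relative_to(root))] = hits
    return findings

def build_sample_webroot(base):
    """Constructed sample tree: file names from the write-up, contents invented."""
    base = Path(base)
    (base / "index.php").write_text("<?php // login page ?>\n")
    (base / "changelog.txt").write_text("Security changelog\n2 of 3 issues patched\n")
    (base / "system-users.txt").write_text(
        "Create user for support\nusername: exampleuser\npassword: vendor default\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, lines in audit_webroot(build_sample_webroot(tmp)).items():
            print(f"[!] {name} is servable and mentions credentials:")
            for line in lines:
                print(f"      {line}")
```

Files flagged this way should be moved out of the document root, and any account they reference should have its default password changed.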
3 - EXPLOITATION
- Looking for vulnerabilities and exploits related to pfSense:
- For instance Metasploit provides this exploit:
- Let's start our exploitation process by launching Metasploit:
- Setting options:
- Running the exploit we get a successful Meterpreter session:
- Searching for information about the system:
- Because we have root privileges, there is no need for privilege escalation:
- Getting a shell and improving it:
4 - CAPTURING THE FLAGS
- Locating and reading user.txt:
- Locating and reading root.txt: