HTB Sense


Run an nmap scan to find open ports.

The web server leads to the pfSense login page.

The default username and password do not give us access.

Run a gobuster scan to find directories.

changelog.txt gives us a clue.

Found a user with a default password.

Log in with user: rohit & password: pfsense

The version is found.

Run searchsploit on pfsense.

Found a possible command injection.

Download the exploit and examine the Python source code.

We are able to get a reverse shell with this exploit.

Input the necessary details.

Before running the exploit, start a netcat listener.

A shell is gained.

user.txt is found in rohit’s folder.

root.txt is found in root’s folder.
