HTB Sense


https://app.hackthebox.com/machines/Sense


Run an nmap scan to find open ports.


The web server leads to the pfSense login page.

The default username and password do not give us access.


Run a gobuster scan to find directories.

changelog.txt gives us a clue.

Found a user with the default password.


Log in with user: rohit & password: pfsense

The version is found.

Run searchsploit on pfsense.

Found a possible command injection.

Download the exploit and examine the Python source code.

Able to get a reverse shell with this exploit.

Input the necessary details.

Before running the exploit, start a netcat listener.

A shell is gained.


user.txt is found in rohit’s folder.

root.txt is found in root’s folder.
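
Seen from the defender's side, the gobuster step above leaves a clear trace in the web server's access log: one client producing mostly 404s, with a few hits on stray text files such as changelog.txt. The following is an added example, not part of the original write-up; the combined log format, the IP addresses, the thresholds and the function name `find_enumeration` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (assumed format, made-up IPs).
SAMPLE_LOG = """\
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /config.txt HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /changelog.txt HTTP/1.1" 200 271 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /notes.txt HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /old HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /test HTTP/1.1" 404 345 "-" "gobuster/3.6"
10.10.10.20 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 6690 "-" "Mozilla/5.0"
10.10.10.20 - - [01/Jan/2024:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 345 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

def find_enumeration(log_text, min_404=5, ratio=0.8):
    """Flag clients whose requests are mostly 404s (directory brute forcing).

    The User-Agent is ignored on purpose: it is trivially changed by the client.
    """
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "txt_hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["not_found"] += 1
        elif m["status"] == "200" and m["path"].endswith(".txt"):
            # Text files served from the web root are what leaked the clue here.
            s["txt_hits"].append(m["path"])
    return {
        ip: s for ip, s in stats.items()
        if s["not_found"] >= min_404 and s["not_found"] / s["total"] >= ratio
    }

if __name__ == "__main__":
    for ip, s in find_enumeration(SAMPLE_LOG).items():
        print(ip, f'{s["not_found"]}/{s["total"]} requests were 404', s["txt_hits"])
```

The `txt_hits` list shows which files the scan actually reached, which tells you what to remove from the web root.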
