Hack The Box: Sense

Jul 14
Written By 5h3r10ck

Synopsis: Sense was a pfSense firewall with some truly unfortunate information available to the world. Once the credentials are located and the version determined, it's a quick process to gain a root shell.

We can see 80 and 443 are open. Let's check it out since that is all we have to work with.

It's a pfSense firewall. I immediately try the user admin and the password pfsense since I have worked with these firewalls a lot. No luck though.

The system-user.txt looks interesting.

Looks like we have a user! A quick Google confirms what I knew to be true already. The default password is pfsense.

Simply plug in the username rohit and the password pfsense into the login prompt.

Got another key piece of information here. This pfSense instance is running version 2.1.3.

Based on the version information I did a searchsploit for an exploit and got one that looks like it will work.

Using the exploit and the credentials we found, I opened a netcat listener to catch the reverse shell the exploit will send, and just like that we are in.

As root, the user and root flags were there for the taking.