Post

HTB Linux Easy: Sense

Sense is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Sense

Nmap

Pasted image 20240715104233.png

Initial Foothold

Enumerating versions

Lighttpd 1.4.35 release date: 12/03/2014. Pasted image 20240715104223.png

No vulnerabilities were identified using searchsploit. Pasted image 20240715104219.png

Pfsense, possibly also not updated since 12/03/2014, likely running version 2.1. Pasted image 20240715104214.png

Vulnerabilities. Pasted image 20240715104210.png

Enumerating HTTPS (port 443)

We seem to be dealing with an outdated version of pfSense judging from the login page. Pasted image 20240715104206.png

Running gobuster for directory busting. Pasted image 20240715104202.png

Content of the system-users.txt file. Pasted image 20240715104157.png

The default password for pfsense is pfsense, we can use this to log in. Pasted image 20240715104152.png

Log into pfSense using the following credentials: rohit:pfsense. Pasted image 20240715104146.png

Gain shell

Once logged in we can find a copyright for 2004-2014. This means that we can try the exploit we found earlier. Pasted image 20240715104142.png

Add the following parameters to the script. Pasted image 20240715104135.png

Run the exploit. Pasted image 20240715104129.png

Your nc listener should have turned into a shell. Pasted image 20240715104122.png

User.txt

Pasted image 20240715104118.png

Root.txt

Pasted image 20240715104113.png

You have PWNED

Pasted image 20240715104108.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.