HTB Retired Machine: Sense (OpenBSD — Easy)
We will start off with an nmap scan
Now we will run a service scan
If we browse to the IP, we see a login page
Looking at the HTML source code we find out that this is a pfSense login page
Default credentials do not allow us in
I tried running feroxbuster but was getting some errors, so decided to try using dirsearch
Navigating to the changelog, we find that this version of the software has some vulnerabilities
Not sure if this means anything, but placing here for documentation purposes
Got feroxbuster to work, looking at their documentation, I needed the -k flag for insecure
Feroxbuster is taking way to long unfortunately
I’ll use dirbuster with the medium wordlist
Navigating to system-users.txt we find login instructions
Username: rohit
Password: pfsense
Running searchsploiut “pfsense 2.1” we only find 2 exploits (1 that seems work looking into)
Let’s download the Command Injection one
Catting out the file, we find a few flags we need to set
Let’s set the parameters and run the script
User.txt
Answer: 8721327cc232073b40d27d9c17e7348b
Root.txt
Answer: d08c32a5d4f8c8b10e76eb51a69f1a86