Hacking
GithubTwitter
Search…
Hacking
Hacking, Bug Bounties & Penetration Testing
The Hacker Lab
Methodologies
Basic Buffer Overflow
Basic Internal Network test
Basic Mobile Testing guide
Basic Subdomain Enumeration guide
Guides
Build A Raspberry Pi Dropbox
Hack The Box last updated - 2019
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered By GitBook
Sense

Sense - 10.10.10.60

Target Enumeration:
OS: Linux
IP: 10.10.10.60
User: 8721327cc232073b40d27d9c17e7348b
Root: d08c32a5d4f8c8b10e76eb51a69f1a86

Ports / Services / Software Versions Running

80/tcp open http lighttpd 1.4.35
443/tcp open ssl/http lighttpd 1.4.35

Vulnerability Exploited:

pfSense, a free BSD based open source firewall distribution, version <= 2.2.6 contains a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.2.6, 2.2.5, and 2.1.3.

Exploiting the host:

Nmap
Gobuster:
Website is pfsense
Changelog.txt gives us some information to consider when exploiting
Checking searchsploit gives us the following to consider:
Most do not work authenticated so we need credentials:
Changing our wordlist we discover a new set of credentials:
Default password is pfsense
Load metasploit with and set the following options and execute to get root:
Get root & collect the user flag.
Hack The Box last updated - 2019 - Previous
Tally
Next - Hack The Box last updated - 2019
Jeeves
Last modified 2yr ago
Copy link
Contents
Sense - 10.10.10.60
Ports / Services / Software Versions Running
Vulnerability Exploited:
Exploiting the host: