Close

Writeup – HTB – Sense

Okay, going to be up front with you guys – this box pissed me off. Enumeration of files on directories is key here, and apparently it’s dependent also on which tool you use. This had me running in circles all day today, but I got through it, and I want to share with you my success.

First, let’s get that nmap off.

Only thing here is 80/443, and when we go to anything on port 80, we are redirected to 443, with a lovely pfsense login.

I tried default credentials, which didn’t work, so I looked at gobuster for help.

This is only half the story.

gobuster found a changelog.txt, but did not find the file in question – probably because of the wordlist used. In this particular VM, you had to use the dirbuster wordlist, directory-list-lowercase-2.3-medium.txt, otherwise you weren’t finding the crucial other file you need.

I eventually found it, but only after I cheated and used dirsearch (which didn’t find it) and dirbuster (which did). This is the part that irritated me the most. After this, the box was trivial.

This is the key

Once you know the username of ‘rohit’, you can login to the pfsense controller with rohit:pfsense (the default password for pfsense). This gives you the version of 2.1.3.

Searching Exploit DB for pfsense 2.1.3 shows us this link: https://www.exploit-db.com/exploits/43560

Downloading the python file, starting a netcat listener and running the python file works well.

This gives you root right away!

And, as expected, the user.txt is in rohit’s user home folder, and the root.txt is in the root directory.

Boom!

So, as I said, this box drove me crazy because of directory enumeration. To this day I still don’t know why my dirsearch didn’t work, and I think I need to modify my autorecon to run with the correct directory list so it finds more things. Either that, or this one is just an odd HackTheBox-ism.

Thanks for checking it out!

A Week Gone By

It’s been a week now since my last post, and I feel like I’ve learned an exponential amount. I haven’t done as much housework as I swore I would while staying home away from COVID-19, and I haven’t worked on my cars like I said I would, either. My garage isn’t perfectly organized like I thought it would be, but man, I’ve learned a ton.

I feel like a week ago I didn’t know anything about penetration testing, at least compared to what I know now. A couple of weeks ago, thanks to the non-profit VeteranSec (www.veteransec.com), I was offered the opportunity to blog for them about my transition from the Navy over the next few years to the Cyber Security field. Then, about a week ago, VeteranSec partnered with eLearnSecurity to give 10 VeteranSec members the Penetration Testing Student (PTS) course and voucher for the eJPT (Junior Penetration Tester) certification. VeteranSec gave me one for being involved in the organization, with the promise of a review of the course for both groups.

So, I started that course. While working on my Masters Program. In addition, to supplement the knowledge that is coming with the PTS, I subscribed to TryHackMe and started working through their rooms. After attending a few conferences with other CyberSecurity personnel on the ‘net, diversifying income streams seemed to be a common thread, along with giving back to the community through teaching, blogging, etc. All of this, I was assured, would help me stand out. So I started this blog, and a nightly stream on Twitch.

For the past week and a half, I’ve sat down at my computer each night, chatted with people, and worked on some TryHackMe rooms, learning some CyberSecurity and teaching what I know to anyone that tunes into my stream. It’s honestly been a wild ride. I am still firmly in the beginner camp, of course, so I didn’t really think I’d have anything to offer many people. Turns out I was a little off in my assumption.

On Twitch, followers are people who sign up to receive notifications that your channel is now streaming. Since I made my account, and played around with streaming at all, it’s been 15 days. In those 15 days, I’ve gained 77 followers. Twitch also has a subscribe option. This gives people the benefit of throwing the streamer they like a few bucks each month to show their appreciation for the content, and in doing so, the streamer can offer benefits such as the ability to show old videos, change the quality of the videos to support a weaker internet connection, etc.

After 15 days, I now have 10 subscribers. One person is enjoying the learning so much, they’ve promised to giveaway one subscription each week in the channel to help me attract viewers. I am honestly, completely blown away. It’s awesome. And the thing is, the money isn’t something I care about one bit. Playing around on places like TryHackMe is something I’d do anyways. Talking to others about Cybersecurity is also something I would do anyways. But to see the level of community development, and to feel like I’m truly helping people – that’s where the reward here is.

And it’s awesome. The community is great, especially online in this venue among infosec people, and it’s awesome to see the support.

The Twitch pane for the last 30 days.

I’ll keep writing, too. I started my 3rd class in my Masters program today. I started the 3rd module in my PTS Course, as well. And I’m continuing through TryHackMe. Stay tuned. It’s going to be a wild ride.