Hack The Box: Sense




Difficulty: Medium

Machine Creator: lkys37en

Tools Used:

NMAP Gobuster Searchsploit Burp Suite Python

Task: To find User.txt and Root.txt

Network Enumeration

Let’s start with an NMAP scan.

nmap -sV -sC 10.10.10.60

HTTP(S)


Gobuster





Searchsploit


https://www.proteansec.com/linux/pfsense-vulnerabilities-part-2-command-injection/


Burp




Reverse Shell

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet


Root Shell


User.txt and Root.txt