Skip to content

Throwback-FW01

Open ports

22/tcp  open  ssh     syn-ack ttl 63 OpenSSH 7.5 (protocol 2.0)
53/tcp  open  domain  syn-ack ttl 63 (generic dns response: REFUSED)
80/tcp  open  http    syn-ack ttl 63 nginx   
443/tcp open  https   syn-ack ttl 63 nginx 

pfsense was running with default credentials admin:pfsense

using diagnostics > command prompt we are able to get a reverse shell as root with the pentest money shell at /usr/share/webshells/php/php-reverse-shell.php

Pasted image 20220601002802.png

Network

There are 2 interfaces

lo0

172.19.0.1

xn0

10.200.70.138

Loot

last login in login.log

user

HumphreyW

pass

1c13639dba96c7b53d26f7d00956a364