Machine Sense - Easy - Linux
PORT STATE SERVICE REASON
80/tcp open http syn-ack ttl 63
443/tcp open https syn-ack ttl 63
PORT STATE SERVICE VERSION
80/tcp open http lighttpd 1.4.35
|_http-title: Did not follow redirect to https://10.10.10.60/
|_http-server-header: lighttpd/1.4.35
443/tcp open ssl/http lighttpd 1.4.35
|_http-server-header: lighttpd/1.4.35
| ssl-cert: Subject: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US
| Not valid before: 2017-10-14T19:21:35
|_Not valid after: 2023-04-06T19:21:35
|_http-title: Login
|_ssl-date: TLS randomness does not represent time
Found in changelog.txt:
# Security Changelog
### Issue
There was a failure in updating the firewall. Manual patching is therefore required
### Mitigated
2 of 3 vulnerabilities have been patched.
### Timeline
The remaining patches will be installed during the next maintenance window
On port 443:
000000061: 200 173 L 425 W 6689 Ch "help"
000000171: 200 173 L 425 W 6690 Ch "stats"
000000614: 200 173 L 425 W 6689 Ch "edit"
000000679: 200 173 L 425 W 6692 Ch "license"
000000706: 200 173 L 425 W 6691 Ch "system"
000000764: 200 173 L 425 W 6691 Ch "status"
000001469: 200 173 L 425 W 6689 Ch "exec"
000002741: 200 173 L 425 W 6690 Ch "graph"
000004492: 200 173 L 425 W 6691 Ch "wizard"
000006268: 200 173 L 425 W 6688 Ch "pkg"
000017049: 200 16 L 26 W 384 Ch "xmlrpc"
000034780: 200 173 L 425 W 6691 Ch "reboot"
000046785: 200 173 L 425 W 6695 Ch "interfaces"
- Found a system-users.txt file:
####Support ticket###
Please create the following user
username: Rohit
password: company defaults
We can log in with rohit and pfsense.
Now we know the version is **2.1.3-RELEASE** (amd64).
There is an exploit… we got root access just by the exploit xD