[Meachines] [Easy] Sense PFSense防火墙RCE

文章预览

信息收集 IP Address Opening Ports 10.10.10.60 TCP :80,443 $ nmap -p- 10.10.10.60 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 80/tcp open http lighttpd 1.4.35 |_http-title: Did not follow redirect to https://10.10.10.60/ |_http-server-header: lighttpd/1.4.35 443/tcp open ssl/http lighttpd 1.4.35 |_http-title: Login | ssl-cert: Subject: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US | Not valid before: 2017-10-14T19:21:35 |_Not valid after: 2023-04-06T19:21:35 |_ssl-date: TLS randomness does not represent time |_http-server-header: lighttpd/1.4.35 HTTPS https://10.10.10.60/ $ gobuster dir -u "https://10.10.10.60/" -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -x html,txt,php -b 404,403 -t 50 -k $ curl "https://10.10.10.60/system-users.txt" -k username:rohit password:pfsense PFSense防火墙-RCE $ searchsploit -w PFSense 2.1.3 pfSense的status_rrd_graph_img.php页面在处理graph ………………………………