The ping is successful. With that, we have successfully found out the internal interface IP of the pfSense firewall.
3. Now, ping the neighboring 10 addresses.
By doing this, we were able to successfully ping 172.23.24.100, which is the IP address of the network administrator.
So far, you, as the attacker, have gained root privileges on the web server, mapped the internal network, and learned the IP scheme that is being used inside the castled network.
You now know that to take over the firewall, which is very necessary to expose everything on the public interface and wipe the traces of your activities in the internal network, you must take over any machine that is on the local network. One of those machines will belong to the network administrator, and he/she will surely be accessing the internal firewall interface, which they'll be assuming is on the 172.23.24.1 address.
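From the defender's side, the ping sweep of the 172.23.24.x range described above leaves a recognizable pattern: one host sending ICMP to many distinct internal addresses in a short time. The following is an added example, not part of the original text, that flags this pattern in constructed log lines; the log format, the 192.0.2.x source addresses, and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("172.23.24.0/24")  # internal range named in the text

# Constructed sample log, oldest first: "<ISO time> <src> <dst> <proto>".
# The layout and the 192.0.2.x sources are assumptions, not a real pfSense format.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 172.23.24.1 icmp
2024-01-01T10:00:02 192.0.2.20 172.23.24.1 icmp
2024-01-01T10:00:05 192.0.2.10 172.23.24.96 icmp
2024-01-01T10:00:07 192.0.2.10 172.23.24.1 tcp
2024-01-01T10:00:10 192.0.2.10 172.23.24.97 icmp
2024-01-01T10:00:12 192.0.2.20 172.23.24.1 icmp
2024-01-01T10:00:15 192.0.2.10 172.23.24.98 icmp
2024-01-01T10:00:20 192.0.2.10 172.23.24.99 icmp
2024-01-01T10:00:25 192.0.2.10 172.23.24.100 icmp
"""

def find_icmp_sweeps(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {src: sorted targets} for sources that sent ICMP to at least
    min_targets distinct internal addresses inside one sliding window."""
    recent = defaultdict(list)   # src -> [(time, dst)] still inside the window
    flagged = defaultdict(set)   # src -> every internal target seen while sweeping
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "icmp":
            continue  # skip malformed lines and non-ICMP traffic
        when = datetime.fromisoformat(parts[0])
        src, dst = parts[1], ip_address(parts[2])
        if dst not in INTERNAL_NET:
            continue
        events = recent[src]
        events.append((when, dst))
        # Drop probes that have fallen out of the sliding window.
        events[:] = [(t, d) for t, d in events if when - t <= window]
        targets = {d for _, d in events}
        if len(targets) >= min_targets:
            flagged[src] |= targets
    return {s: [str(d) for d in sorted(ds)] for s, ds in flagged.items()}

if __name__ == "__main__":
    for src, targets in find_icmp_sweeps(SAMPLE_LOG).items():
        print(f"possible ICMP sweep from {src}: {', '.join(targets)}")
```

A host that repeatedly pings a single address, such as its gateway, is not flagged. A sweep slower than the window also goes unnoticed, so the window and threshold need tuning against normal traffic.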
Now, focus on the vulnerabilities that you found on the web server.
Stored XSS: Search and you will find that there is a stored XSS vulnerability in one of the pages of the web server. This is very useful for hooking and retrieving information from legitimate users.
Next, we will learn how BeEF can be used to test and exploit an XSS attack.
Browser Exploitation Framework (BeEF)
BeEF is a powerful tool for hooking and gathering information from victims. So, why not use it to proceed with our pen testing exercise?
Start by using a script that will check the response of the vulnerable application: