Ignition
Last updated
Last updated
sudo nmap -T4 -Pn -sV -sC -v 10.129.1.27 -oA IgnitionWhich service version is found to be running on port 80? - Found within the initial scan
Answer: nginx 1.14.2
What is the 3-digit HTTP status code returned when you visit http://10.129.1.27/? - When going to the website, we get an error but doesn't tell us an error code.
If we curl the site instead, we get the error code.
curl -v http://10.129.1.27/Answer: 302
What is the virtual host name the webpage expects to be accessed by? - This is found in the URL when attempting to go to the website via it's IP instead of the hostname.
Answer: ignition.htb
What is the full path to the file on a Linux computer that holds a local list of domain name to IP address pairs?
Answer: /etc/hosts
Use a tool to brute force directories on the webserver. What is the full URL to the Magento login page?
Add the IP and domain to our hosts file
Use Gobuster to do some directory traversal
gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -u http://ignition.htbAnswer: http://ignition.htb/admin
Look up the password requirements for Magento and also try searching for the most common passwords of 2023. Which password provides access to the admin account?
After looking into Magento default credentials and none of the defaults(admin:admin etc) worked, I loaded up BurpSuite, used the Burp Browser, attempted to login with creds, put the POST request into Intruder and performed a BruteForce attack with various default passwords.
Answer: qwerty123
Submit root flag
Answer: 797d6c988d9dc5865e010b9410f247e0
