Ignition
Initial Scan
Task 1
Which service version is found to be running on port 80? - Found within the initial scan
Answer: nginx 1.14.2
Task 2
What is the 3-digit HTTP status code returned when you visit http://10.129.1.27/? - When going to the website, we get an error, but it doesn't tell us an error code.
If we curl the site instead, we get the status code.
Answer: 302
Task 3
What is the virtual host name the webpage expects to be accessed by? - This is found in the URL when attempting to go to the website via its IP instead of the hostname.
Answer: ignition.htb
Task 4
What is the full path to the file on a Linux computer that holds a local list of domain name to IP address pairs?
Answer: /etc/hosts
Task 5
Use a tool to brute force directories on the webserver. What is the full URL to the Magento login page?
Add the IP and domain to our hosts file
Use Gobuster to brute force directories on the web server
Answer: http://ignition.htb/admin
Task 6
Look up the password requirements for Magento and also try searching for the most common passwords of 2023. Which password provides access to the admin account?
After looking into Magento default credentials and finding that none of the defaults (admin:admin etc.) worked, I loaded up Burp Suite, used the Burp Browser, attempted to log in with creds, put the POST request into Intruder and performed a brute-force attack with various default passwords.
Answer: qwerty123
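Added example, not part of the original walkthrough: on the server side, the login brute force from Task 6 appears as a burst of POST requests to /admin from a single client. The code below flags such bursts in an nginx access log. The combined log format, the thresholds, the sample lines and their IP addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# nginx "combined" access-log prefix: addr - user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_login_bursts(lines, prefix="/admin", max_posts=5,
                      window=timedelta(seconds=60)):
    """Map client IP -> peak number of POSTs to paths under `prefix` seen in
    any sliding `window`, for clients that exceeded `max_posts`.
    Lines must be in chronological order; the thresholds are assumptions."""
    recent = defaultdict(deque)  # ip -> POST timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > max_posts:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def make_line(ip, when, method, path, status):
    """Build one constructed log line in nginx combined format."""
    return (f'{ip} - - [{when.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-agent"')

def sample_log():
    """Constructed sample: one noisy client, one normal admin login."""
    t0 = datetime(2023, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [make_line("198.51.100.20", t0, "GET", "/", 200),
             make_line("198.51.100.20", t0, "POST", "/admin", 302)]
    lines += [make_line("203.0.113.7", t0 + timedelta(seconds=2 * i),
                        "POST", "/admin", 200) for i in range(8)]
    return lines

if __name__ == "__main__":
    for ip, peak in find_login_bursts(sample_log()).items():
        print(f"{ip}: {peak} admin POSTs within 60s")
```

A weak password such as the one found here falls to a short wordlist, so rate limiting or lockout on the admin login matters as much as the alert itself.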
Task 7
Submit root flag
Answer: 797d6c988d9dc5865e010b9410f247e0