📦
HTB
  • Machines
    • Starting Point Machines
      • Tier 0 Machines
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1 Machines
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2 Machines
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Easy Machines
      • Nibbles
      • Stocker
      • Lame
        • Findings
        • Recon
          • NMAP
          • FTP
          • SSH
          • SMB Client
        • Exploitation
          • FTP
          • Samba
      • Find the easy Pass
      • Weak RSA
      • Jerry (Windows)
        • Recon
        • Enumeration
        • Vulnerabilities
      • You know 0xDiablos
      • Netmon
      • Blue
      • Precious
      • Optimum
      • Cap
      • Knife
    • Medium Machines
      • Under Construction
  • Getting Started Notes
    • Getting Help
    • SSL/TLS Certificates
    • Tutorial Websites
    • Wayback Machine
    • Wappalyzer
    • Google Hacking/Dorking
    • Blogs
    • Youtube Resources
    • Vulnerable Machines
    • Challenges
    • Parrot
    • Common Terms
    • Common Ports
    • SecLists
    • Shells
    • Enumeration Scripts
    • Escalation
    • Downloading files from Target
    • Knowledge Check
Powered by GitBook
On this page
  1. Machines
  2. Starting Point Machines
  3. Tier 1 Machines

Ignition

PreviousThreeNextBike

Last updated 2 years ago

Task 1

Which service version is found to be running on port 80?

Answer:

  • Run the following nmap scan

  • nmap -sV -p 80 [IP]

  • The answer is "nginx 1.14.2"

Task 2

What is the 3-digit HTTP status code returned when you visit http://{machine IP}/?

Answer:

  • Run the following to easily discover the code:

  • curl -v http://[IP]

  • The answer is 302

Task 3

What is the virtual host name the webpage expects to be accessed by?

Answer:

  • In your web browser input the IP you were given and it should automatically transfer you.

  • The URL should now read "ignition.htb" which is the answer.

Task 4

What is the full path to the file on a Linux computer that holds a local list of domain name to IP address pairs?

Answer:

  • The answer is /etc/hosts

Task 5

Use a tool to brute force directories on the webserver. What is the full URL to the Magento login page?

Answer:

  • Run a gobuster dir search:

    • gobuster dir -u http://ignition.htb/ -w /usr/share/dirb/wordlists/common.txt

  • The answer will pop up with /admin. Therefore the full URL is:

Task 6

Look up the password requirements for Magento and also try searching for the most commong passwords of 2023. Which password provides access to the admin account?

Answer:

  • Googled password requirements for Magento and it shows that at minimum it needs to be 7 characters long with letters and numbers.

  • I googled most used passwords for 2023 and after trying a few finally found that "qwerty123" works.

Submit Flag:

  • Once you have signed into the admin account the flag will be on the first page in the text:

  • 797d6c988d9dc5865e010b9410f247e0

http://ignition.htb/admin
2MB
Ignition_Write_Up.pdf
pdf