
Ignition (VIP only)


Enumeration


As usual, let's start with nmap:

nmap -sV -sC IP

Replace IP with the IP of your target machine (Ignition).


Note: The IPs of the target machines change constantly, so make sure you type the correct one. You can find it on your Hack The Box account.

Port 80 is open. From your VM, let's open your browser and type the IP (ex: 10.129.232.114) of your target machine:


We get an error message.


Note: Even though we typed the IP address in the URL bar, if you now look closely at the URL bar, it has been replaced by ignition.htb

This usually happens when a server (10.129.232.114) hosts several websites on the same IP address: the server redirects us to its hostname, and we need to tell our machine which IP that hostname belongs to so that the browser can ask the server for the right website.


For that we need to edit the hosts file on our VM. It can be found in the directory /etc of our machine. Let's open this file and edit it.


Open a new command prompt and type:

sudo nano /etc/hosts

This command will open the file /etc/hosts and allow us to edit it.


Let's add an extra row to this file:

IP ignition.htb

Replace IP with the IP of your target machine (Ignition).


Your /etc/hosts file should now look something like this:

Press Ctrl X to exit

Type Y to save

Press Enter


Now open your browser again and type the IP in the URL bar. This time it should work:


You can browse the website, but nothing looks interesting for now.


Let's use gobuster to enumerate any hidden directories:

gobuster dir -u http://ignition.htb -w /usr/share/dirb/wordlists/common.txt -x php,html

Gobuster will keep enumerating for a while, but it has already found something interesting at http://ignition.htb/admin



Foothold


Open your browser and go to http://ignition.htb/admin.


We find an admin login page:

Since we do not have any credentials, let's try a couple of passwords that are commonly used for the username admin:

admin123
root123
password1
administrator1
changeme1
password123
qwerty123
administrator123
changeme123

Try them all and see if you can get in.


At some point, you might get an error message saying that there have been too many failed login attempts and that the account is locked for a couple of minutes. This is the site's account lockout protection; just wait a couple of minutes and try again.

I finally managed to get in using the username admin and the password qwerty123.

The flag is right there at the bottom!


Congratulations! You got the flag!
