top of page

Preignition (VIP only)


As usual let's start with the nmap command

nmap -sV IP

Replace IP by the IP of the target machine (Preignition)

The IP of our target machine will change all the time, make sure your replace IP in the command below by the target machine's IP. You can find the target's IP directly from your hack the box account.

We can see that port 80 is open on the target machine. Port 80 is associated with http service so let's check what the website looks like.

From your VM, open your browser and in the URL search bar, type:

The website doesn't have much on it.

Now let's use a tool called Gobuster to scan the web service and potentially find any hidden directories that could be interesting! We need to provide Gobuster with a wordlist that contains common potentially hidden web directory names.

I like to use the pre-installed wordlist on Parrot called common.txt

Let's locate the list first using:

locate common.txt

Let's use the wordlist /usr/share/dirb/wordlists/common.txt

Now let's start our gobuster scan using the command:

gobuster dir -w /usr/share/dirb/wordlists/common.txt -u

dir stands for directory scan

-w stands for wordlist

-u stands for url

Gobuster found on directory called /admin.php

Let's go back to our browser and type the following in the url tab:

We got a login page.


We do not know the username or the password, but let's try our luck and use the following credentials

username: admin

password: admin

It works and we are in. The flag is right there!

You got the flag! Congratulations!

4,326 views1 comment

Recent Posts

See All
bottom of page