Enumeration
As usual, let's start with nmap:
nmap -sV -sC IP
Replace IP by the IP of your target machine (Ignition)
Note: The IP of the target machines are always changing so make sure you type the correct one. You can find it on your Hack The Box account.
Port 80 is open. From your VM, let's open your browser and type the IP (ex: 10.129.232.114) of your target machine:
We get an error message.
Note: Even though we typed the IP address in the url bar, if you now look closely in the url bar, it has been replaced by ignition.htb
This usually happens when a server (10.129.232.114) is hosting several websites and we need specify to the server which website we want to visit.
For that we need to edit our hosts file on our VM. Our hosts file can be found in the directory /etc of our machine. Let's open this file and edit it.
Open a new command prompt and type:
sudo nano /etc/hosts
This command will open the file /etc/hosts and allow us to edit it.
Let's add an extra row to this file:
IP ignition.htb
Replace IP by the IP of your target machine (Ignition).
Your /etc/hosts file should now look something like this:
Press Ctrl X to exit
Type Y to save
Press Enter
Now open your browser again and type the IP again in the url search bar. This time it should work:
You can navigate the website but it doesn't look like anything is interesting for now.
Let's use gobuster to enumerate any hidden directories:
gobuster dir -u http://ignition.htb -w /usr/share/dirb/wordlists/common.txt -x php,html
Gobuster will keep enumerating for a while, but it has already found something interesting at http://ignition.htb/admin
Foothold
Open your browser and go to http://ignition.htb/admin.
We find an admin login page:
Since we do not have any credentials, let's try a couple of passwords that are commonly used for the username admin:
admin123
root123
password1
administrator1
changeme1
password123
qwerty123
administrator123
changeme123
Try them all and see if you can get in.
At some point, you might get an error message saying that you have had too many failed attempts at login and your account is suspended for a couple of minutes. Just wait for a couple of minutes and try again.
I finally managed to get in using the username admin and the password qwerty123
The flag is right there at the bottom!
Congratulations! You got the flag!
Commentaires