Ignition Walkthrough | HackTheBox

Cleared Workforce is a specialty search firm focused on security-cleared Talent Recruitment for Government Contractors.

About Us

100+

product reviews of trending tech

100+

tech written guides for users

100+

tech tools in our tool database

Learn how to complete Ignition in HackTheBox in this tutorial.

This is a simple walkthrough for completing the Ignition target machine in Hackthebox.com.

Task 1

Question: Which service version is found to be running on port 80?

Answer: nginx 1.14.2

Task 2

Question: What is the 3-digit HTTP status code returned when you visit http://{machine IP}/?

Answer: 302

Task 3

Question: What is the virtual host name the webpage expects to be accessed by?

Answer: ignition.htb

Task 4

Question: What is the full path to the file on a Linux computer that holds a local list of domain name to IP address pairs?

Answer: /etc/hosts

Task 5

Question: What is the full URL to the Magento login page?

Answer: http://ignition.htb/admin

Due to this server IP address being a virtual host, it specifically does not point to one website. Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name. Hosting providers offer this service as a way to share resources, such as multiple accounts can share one server with the same IP address, which makes it an affordable option.

Since we cannot directly connect to this site by typing the IP address (ERR_NAME_NOT_RESOLVED), we need to go into our local hosts settings (/etc/hosts) and fix the name so the IP address can resolve to the proper domain name.

A simple one line command to fix this issue is shown below:

echo "10.129.199.163 ignition.htb" | sudo tee -a /etc/hosts

After we update the hosts file, we will now be able to view the webpage.

Next, we can use gobuster to search the directories of this domain with the following command:

gobuster dir -u http://ignition.htb -w /usr/share/dirb/wordlists/common.txt

With this command, we are able to enumerate a series of directories and notice that one of them is the admin page. If we enter this page into the url of a browser, we can see a web form with username and password inputs.

Task 6

Question: What password provides access as admin to Magento?

Answer: qwerty123

We have a username and password field we can try to brute force. For this scenario, we will be using wfuzz to brute force the login page and specific parameters on the POST request headers.

$ wfuzz -c -z file,test_file.txt -d "login%5Busername%5D=admin&login%5Bpassword%5D=FUZZ" http://ignition.htb/admin

With this command, we will be enumerating over the admin credential as the username.

After the brute force attack, we have a successful login with the username of admin and password of qwerty123.

Task 7

Submit flag

Mission accomplished.

Interested in learning how we can help you?

Cleared Workforce
Expertise Driven Recruitment

We deliver candidates that power mission success.

EXPLORE CAREERS

Network Security Engineer Career Information Systems Security Officer (ISSO) Career Information Systems Security Engineer (ISSE) Career Information Systems Security Manager (ISSM) Career Penetration Tester Career Incident Response Analyst Career Cybersecurity Architect Career Security Operations Center (SOC) Analyst Career Malware Analyst Career Cloud Security Engineer Career Application Security Engineer Career Firewall Administrator Career Database Administrator Career Enterprise Architect Career Network Operations Specialist Career Technical Support Specialist Career Cyber Defense Analyst Career Cyber Defense Forensics Analyst Career Cyber Defense Incident Responder Career Secure Software Assessor Career Vulnerability Assessment Analyst Career Intelligence Analyst Career IT Program Manager Career DevSecOps Engineer Career MORE ROLES

EXPLORE TOOLS

Looking
for talent?

With over a decade of field experience, we connect with top talent in the industry. At Cleared Workforce, our firsthand technical knowledge sets us apart, allowing us to understand your business needs deeply and match you with candidates who truly fit your requirements. Our unwavering commitment to excellence and technical expertise ensures your complete satisfaction. Trust us as your talent sourcing partner to keep your business moving forward.

For Business

Looking
for WORK?

We’re different. Unlike other recruiters who might not understand deep technical nuances, we have firsthand experience in tech. We won’t waste your time with irrelevant job pitches. At Cleared Workforce, we make it our mission to understand your career ambitions and align them with companies where you will truly excel. We are dedicated to helping you find not just a job, but the right opportunity that matches your skills, goals, and potential for growth.

For Job Seekers

Ignition Walkthrough | HackTheBox

Task 1

Task 2

Task 3

Task 4

Task 5

Task 6

Task 7

Interested in learning how we can help you?

EXPLORE CAREERS

EXPLORE TOOLS

Looking for talent?

Looking for WORK?

EXPERTISE-DRIVEN RECRUITMENT.

Looking
for talent?

Looking
for WORK?