#9 Ignition - Starting Point - Hack The Box || Complete Walkthrough

Ignition is a misconfigured web server that demonstrates some basic networking and DNS probes.


Click on Spawn Machine to see the IP address of the target machine.

We start with an Nmap scan, using -sC for default script scanning and -sV for version detection:

└─$ sudo nmap -sC -sV
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-24 23:25 IST 
Nmap scan report for
Host is up (0.28s latency).
Not shown: 999 closed tcp ports (reset)  
80/tcp open  http    nginx 1.14.2 
|_http-title: Did not follow redirect to http://ignition.htb/
|_http-server-header: nginx/1.14.2  
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.31 seconds    

This yields a single result: port 80 is open and running nginx 1.14.2. So far, this seems straightforward. However, in the script output right below that line, http-title reports "Did not follow redirect to http://ignition.htb/".

80/tcp open  http    nginx 1.14.2 
|_http-title: Did not follow redirect to http://ignition.htb/
|_http-server-header: nginx/1.14.2 

Copy the URL and try to access the webpage in a browser window. We are presented with an error. The message "Check if there is a typo in ignition.htb" references the same URL we found during our Nmap scan, but gives no further details as to what might cause the error when simply attempting to access the website. Below it, a more detailed error code is displayed: DNS_PROBE_FINISHED_NXDOMAIN.

After a quick Google search of the error, we learn that there might be two underlying reasons for this error appearing. 

  • We've mistyped the ignition.htb address in our URL search bar and the DNS servers can't find the associated IP address for the mistyped name. 
  • We never entered any hostname such as ignition.htb into the search bar, but the website expects us to.

I think this problem can be fixed by modifying the local DNS file named hosts, located in the /etc directory.

If you are also a Windows user, do as I do:

Go to the C:\Windows\System32\drivers\etc path.

From here, copy the hosts file to the desktop to modify it, because you can't modify it in place. Now open the file and add the target's IP address with its associated hostname to the hosts table, which in turn allows your web client to visit the website that was previously reporting an error.

Once you save the file, copy it back to the etc directory, replacing the original.

Once this configuration is complete, we can reload the target's webpage and verify that it loads successfully. Since the requested hostname now has an association in your hosts file, the website can load without issue.

From here, we can start working towards gaining a foothold.


After exploring the landing page for a short while, we can deduce that nothing helpful can be leveraged there. The only option for exploring the website further is to use gobuster.

└─$ gobuster dir -u http://ignition.htb/ -w dirbuster/directory-list-2.3-small.txt
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
[+] Url:                     http://ignition.htb/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                dirbuster/directory-list-2.3-small.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
2021/12/24 23:47:57 Starting gobuster in directory enumeration mode
/contact              (Status: 200) [Size: 28673]
/home                 (Status: 200) [Size: 25802]
/media                (Status: 301) [Size: 185] [--> http://ignition.htb/media/]
/0                    (Status: 200) [Size: 25803]
/catalog              (Status: 302) [Size: 0] [--> http://ignition.htb/]
/static               (Status: 301) [Size: 185] [--> http://ignition.htb/static/]
/admin                (Status: 200) [Size: 7092]
/Home                 (Status: 301) [Size: 0] [--> http://ignition.htb/home]
/cms                  (Status: 200) [Size: 25817]
Progress: 1046 / 87665 (1.19%)
[ERROR] 2021/12/24 23:51:28 [!] context deadline exceeded (Client.Timeout or context cancellation while reading body)
Progress: 1069 / 87665 (1.22%)
[!] Keyboard interrupt detected, terminating.
2021/12/24 23:51:32 Finished

From the output of our gobuster scan, we find our target. The /admin page returns a 200 response code, which signals its availability. We can navigate to it by appending it to the end of the URL.
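From the server side, the scan above is easy to spot in an nginx access log. This added example (not part of the original walkthrough) parses combined-format lines and flags clients either by the gobuster/3.1.0 user agent shown in the banner or by many distinct paths with a high share of 404s, which still works when the user agent is changed; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

LINE = re.compile(  # nginx "combined" access-log format
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCANNER_UA = re.compile(r"gobuster", re.I)  # default UA from the banner above

def find_enumeration(lines, min_paths=5, min_404_ratio=0.5):
    """Return {ip: [reasons]} for clients that look like directory brute-forcers."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "404": 0, "ua": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in combined format
        s = stats[m["ip"]]
        s["paths"].add(m["path"])
        s["total"] += 1
        s["404"] += int(m["status"] == "404")
        if SCANNER_UA.search(m["ua"]):
            s["ua"].add(m["ua"])
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua"]:
            reasons.append("scanner user agent: " + ", ".join(sorted(s["ua"])))
        ratio = s["404"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            reasons.append(f"{len(s['paths'])} distinct paths, {ratio:.0%} were 404")
        if reasons:
            findings[ip] = reasons
    return findings

def _line(ip, path, status, ua):
    return (f'{ip} - - [24/Dec/2021:23:48:01 +0530] "GET {path} HTTP/1.1" '
            f'{status} 185 "-" "{ua}"')

# Constructed sample log: a default-UA scan, a normal visitor, a scan with a browser UA.
SAMPLE = (
    [_line("192.0.2.10", p, s, "gobuster/3.1.0") for p, s in
     [("/contact", 200), ("/images", 404), ("/backup", 404), ("/old", 404),
      ("/test", 404), ("/admin", 200)]]
    + [_line("198.51.100.7", p, 200, "Mozilla/5.0") for p in ["/", "/home", "/contact"]]
    + [_line("203.0.113.5", f"/dir{i}", 404, "Mozilla/5.0") for i in range(6)]
)

if __name__ == "__main__":
    print(find_enumeration(SAMPLE))
```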

A login screen is presented to us, with the Magento logo in the middle of the page. A username and password are requested. Let's try some default credentials for the Magento service to gain login access.


After some manual attempts, we land on a successful login. The correct combination is admin:qwerty123. We are now presented with the Magento administrative panel, where the flag can be found under the Advanced Reporting section of the Dashboard.

Now copy the flag and paste it into Hack The Box. Congratulations!

Task Answers

TASK 1: Which service version is found to be running on port 80?

Ans. nginx 1.14.2

TASK 2: What is the 3-digit HTTP status code returned when you visit http://{machine IP}/?

Ans. 302

TASK 3: What is the virtual hostname the webpage expects to be accessed by?

Ans. ignition.htb

TASK 4: What is the full path to the file on a Linux computer that holds a local list of domain name to IP address pairs?

Ans. /etc/hosts

TASK 5: What is the full URL to the Magento login page?

Ans. http://ignition.htb/admin

TASK 6: What password provides access as admin to Magento?

Ans. qwerty123
