Hack the Box – Preignition

# Information:

Platform Name: Hack the Box

Machine Challenge: Preignition

Machine Status: Starting Point

Challenge Level: Very Easy

# Used Tools:

  • Linux
  • nmap
  • gobuster
  • terminal
  • Burp Suite

# Challenge Description:

This challenge has a list of questions that need to be answered in order to retrieve the flag. We will answer every question.

# Writeup:

Task 1:

Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.

Answer: The answer is (ii) dir busting.


Task 2:

What switch do we use for nmap’s scan to specify that we want to perform version detection?

Answer: The switch is -sV.

“-sV: Probe open ports to determine service/version info”, (DigitalOcean, 2022)¹.

So I performed an nmap scan with the -sV switch and I was presented with the following information:

Image 1

Task 3:

What does Nmap report is the service identified as running on port 80/tcp?

Answer: As you can see in image 1, the service that is running on port 80 is http.


Task 4:

What server name and version of service is running on port 80/tcp?

Answer: As you can see from image 1, the server name and version of service running on port 80 is nginx 1.14.2.

After knowing all this information, I went to Firefox and searched for a site in the following way:

http://<your_IP_here>

And I was presented with the following:


Task 5:

What switch do we use to specify to Gobuster we want to perform dir busting specifically?

Answer: The switch is dir.


Task 6:

When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?

Answer: The switch that we add is -x php.

After knowing all this information, I performed a directory brute-force to search for paths on the web-server to see if I was able to find hidden pages. For this, I used the following command:

gobuster dir -u http://<your_IP_here> -w /path/to/the/file -x php

Meaning of the gobuster switches in this command:

-u : (--url [string]) The target URL.

-w : (--wordlist [wordlist]) Path to wordlist.

You can see the results in the image below.

Image 2

As you can see in image 2, I used the file “directory-list-2.3-medium.txt” from wordlists to find the page that we need for this box. You can find this wordlist here.
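
Seen from the web server's side, a run like the one above leaves a long streak of 404 responses from a single client in the nginx access log. The following is an added example, not part of the original writeup: it flags that pattern in constructed sample log lines and reports which of the requested paths actually existed. The IP addresses, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# nginx "combined" log format: only client, request line and status are needed.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def build_sample_log():
    """Constructed sample: one client walking a wordlist, one normal visitor."""
    ts = "[10/Oct/2022:13:55:36 +0000]"
    words = ["index", "images", "login", "backup", "config", "test", "old", "admin"]
    lines = []
    for w in words:
        for path in (f"/{w}", f"/{w}.php"):      # mirrors a scan run with -x php
            status = 200 if path == "/admin.php" else 404
            lines.append(f'10.10.14.5 - - {ts} "GET {path} HTTP/1.1" {status} 153 "-" "gobuster/3.6"')
    lines.append(f'10.10.14.9 - - {ts} "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"')
    lines.append(f'10.10.14.9 - - {ts} "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"')
    return lines

def detect_dir_busting(lines, min_requests=10, min_404_ratio=0.8):
    """Return {client_ip: [paths that answered 200]} for clients that look like scanners."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "hits": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                              # skip lines in other formats
        ip, _method, path, status = m.groups()
        s = stats[ip]
        s["total"] += 1
        if status == "404":
            s["not_found"] += 1
        elif status == "200":
            s["hits"].append(path)
    # A client is flagged when it sent enough requests and most of them missed.
    return {
        ip: s["hits"]
        for ip, s in stats.items()
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio
    }

if __name__ == "__main__":
    for ip, hits in detect_dir_busting(build_sample_log()).items():
        print(f"possible dir busting from {ip}; paths that exist: {hits}")
```

The paths listed for a flagged client are the ones worth reviewing first, since they are exactly what the scan revealed to its operator.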


Task 7:

What page is found during our dir busting activities?

Answer: The page found during dir busting is admin.php. You can see this in image 2.


Task 8:

What is the HTTP status code reported by Gobuster for the discovered page?

Answer: The status code is 200 (as you can see in image 2).

After knowing all this, I went to the site and I accessed this page. You can see it in the image below:

Image 3

As you can see (in image 3), I added the admin.php page to the search, and I was presented with the admin console login.


Submit flag:

As you know, we don’t know the username and password of the admin. However, we can assume that the default credentials are still in use and search on Google for “default credentials for admin”. An example of the output for this search can be found here. And if that doesn’t work, we can use the most common usernames and passwords for admin.

So, first I tried the default credentials for admin and found that the username is “admin” and the password is “admin”.

This way, it was possible to retrieve the flag.


The flag is:

6483bee07c1c1d57f14e5b0717503c73


Bibliography:


Thank you very much for reading!

Cheers,

SoBatista

