Hack the Box — Preignition
--
HTB Tags: #Linux #PHP #DefaultCredentials.
This is the fifth in the Starting Point series, and the second of the non-free VIP boxes with a focus on directory busting a Linux target. As normal, let’s start by enumerating with the standard commands, ping and nmap.
ping
ping $IP -c 4
nmap
nmap $IP
With one port showing active, port 80 (http), we can check out the website and enumerate the directories with gobuster.
website
The home page indicates a successful install of the nginx web server.
From Google: NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability.
So let’s check out the folder structure.
gobuster
gobuster dir -u http://$IP -w /usr/share/wordlists/dirb/common.txt
Using the common.txt wordlist that ships with dirb, for speed:
foothold
We find an /admin.php file. This takes us to a login field.
default credentials
Testing initially with a set of default credentials, we find that we can gain access with the classic admin:admin, which gives us the challenge flag.
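Seen from the defender's side, the two things that happened on this box (a wordlist scan of the nginx server, then a login POST to /admin.php) both leave a clear trace in the access log. The following is an added example, not part of the original write-up: a small Python detector run over constructed nginx access-log lines. The client IPs, timestamps, User-Agent strings and the 404 threshold are assumed values.

```python
import re
from collections import defaultdict

# Constructed nginx access-log lines (combined format), not taken from the box:
# a gobuster-style burst of 404s from one client, then a POST to /admin.php.
SAMPLE_LOG = """\
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 153 "-" "gobuster/3.1.0"
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /images HTTP/1.1" 404 153 "-" "gobuster/3.1.0"
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.1.0"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /admin.php HTTP/1.1" 200 999 "-" "gobuster/3.1.0"
10.10.14.5 - - [01/Jan/2024:10:00:30 +0000] "POST /admin.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.168.1.20 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
"""

# Fields of the nginx "combined" log format that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect(log_text, not_found_threshold=3, sensitive_paths=("/admin.php",)):
    """Return alerts keyed by client IP: a burst of 404s (wordlist scan such as
    gobuster), a known scanner User-Agent, and any POST to a sensitive login
    path (here /admin.php, where the default admin:admin was accepted)."""
    alerts = defaultdict(set)
    not_found = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue  # skip malformed or non-combined lines
        ip = rec["ip"]
        if rec["status"] == "404":
            not_found[ip] += 1
        if rec["ua"].lower().startswith(("gobuster", "dirbuster", "dirb")):
            alerts[ip].add("scanner-user-agent")
        if rec["method"] == "POST" and rec["path"] in sensitive_paths:
            alerts[ip].add("login-post:" + rec["path"])
    for ip, n in not_found.items():
        if n >= not_found_threshold:  # threshold is an assumed tuning value
            alerts[ip].add("dirbust-404-burst")
    return {ip: sorted(a) for ip, a in alerts.items()}

if __name__ == "__main__":
    for ip, hits in detect(SAMPLE_LOG).items():
        print(ip, hits)
```

On the constructed sample only the scanning client is reported; the normal visitor from 192.168.1.20 produces no alert.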
summary
A nice, simple introduction to directory busting and enumeration. There are other tools available (dirb, dirbuster, ZAP, Burp Suite, etc.) and, given the chance, this is the box on which to test them and get familiar with them.