HTB Ignition

This is another of the Very easy HTB Starting Point boxes.

$ sudo nano /etc/hosts

...
10.129.232.211     ignition.htb 
...

$ nmap -p- -A 10.129.232.211 -sV

Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-18 12:50 CEST
Nmap scan report for ignition.htb (10.129.232.211)
Host is up (0.037s latency).
Not shown: 65534 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2
|_http-title: Home page
|_http-server-header: nginx/1.14.2

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 60.95 seconds

Access to http://ignition.htb/

$ dirsearch -u http://ignition.htb -i 200

  _|. _ _  _  _  _ _|_    v0.4.2
 (_||| _) (/_(_|| (_| )

Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 30 | Wordlist size: 10927

Output File: /home/ruben/.dirsearch/reports/ignition.htb/_22-06-18_16-18-30.txt

Error Log: /home/ruben/.dirsearch/logs/errors-22-06-18_16-18-30.log

Target: http://ignition.htb/

[16:18:31] Starting: 
[16:23:34] 200 -   25KB - /0
[16:29:16] 200 -    7KB - /admin
...

Access to http://ignition.htb/admin/

Based on HTB questions, the username is admin.

As there is a form_key parameter it’s most difficult to brute-force.
So, we can try then to guess manually the password using the most usual passwords.

We can find more information about the passwords in the Magento documentation (https://docs.magento.com/user-guide/stores/security-admin.html)

We can use a list as https://cybernews.com/best-password-managers/most-common-passwords/

The correct password is qwerty123