
Ignition - Linux

  • justinblawitz
  • Oct 8, 2025
  • 2 min read
  • Ping the server, then scan it with Nmap using sudo nmap -sC -sV {target IP}

  • We see port 80/tcp open, running an HTTP server. We also see a line stating, "Did not follow redirect to http://ignition.htb/". Upon searching for the target IP and URL in the browser, we get an error.


  • This error is caused by name-based VHosting where multiple websites can share the same IP address, allowing users to access them separately by visiting the specific hostnames of each website instead of the hosting server's IP address. The webserver we are making requests to is throwing us an error because we haven't specified a certain hostname out of the ones that could be hosted on that same target IP address.


  • To get a better view of the exact requests and responses, we'll use a tool called curl. This tool lets us craft HTTP requests to a server and receive the responses directly in the terminal. We can use the command curl -h to get a list of options we can use with curl, and run curl -v {target IP}, where -v makes the output of the web request and response more detailed.

  • We see the Host header displaying the target IP instead of the hostname, and 302 Found, which indicates that the requested resource has been temporarily moved to the URL in the Location header, where we can see the hostname.


  • Next, we'll run echo "{target IP} ignition.htb" | sudo tee -a /etc/hosts, which adds the target's IP address with its associated hostname to the hosts file. This allows your web client to visit the website that was previously reporting an error. We'll confirm the entry was appended to /etc/hosts using cat /etc/hosts.

  • After adding the entry to hosts, the web page is relatively uninteresting, so we use gobuster to attempt to brute force directories by running the command gobuster dir --url http://ignition.htb/ --wordlist (wordlist file path).

  • After the brute force, we find an interesting directory called /admin. Upon searching http://ignition.htb/admin we’re greeted with a login page.

  • In this case, we won't be using brute force, as a search on Magento services shows that it has anti-brute-force measures implemented. We'll need to guess the username and password for this lab. Using a common username "admin" and the password "qwerty123" in this case gains us access to the admin dashboard, where we can read and capture the flag.
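
The name-based virtual hosting behaviour seen earlier with curl -v (a 302 to http://ignition.htb/ when the Host header carries the IP) can be reproduced locally. This is an added example, not part of the original write-up or the lab server: VHostHandler, fetch and demo are hypothetical names, and the server is a constructed stand-in bound to 127.0.0.1.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CANONICAL = "ignition.htb"  # hostname shown in the page's Location header

class VHostHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a name-based virtual host (not the lab server)."""
    def do_GET(self):
        # Drop an optional :port, then compare with the configured site name.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host == CANONICAL:
            body = b"site content\n"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            # Unknown name (such as the bare IP): redirect to the canonical host.
            self.send_response(302)
            self.send_header("Location", f"http://{CANONICAL}/")
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def fetch(port, host_header):
    """Connect to 127.0.0.1 but present host_header as the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

def demo():
    server = HTTPServer(("127.0.0.1", 0), VHostHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        by_ip = fetch(port, "127.0.0.1")  # Host as sent when browsing to an IP
        by_name = fetch(port, CANONICAL)  # Host as sent once the name resolves
    finally:
        server.shutdown()
        server.server_close()
    return by_ip, by_name

if __name__ == "__main__":
    print(demo())
```

The same TCP endpoint answers both requests; only the Host header decides the response, which is why the /etc/hosts entry changes what the browser receives.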


 
 
 
