Port scan first, exchange ip with your machines IP address!
sudo nmap -sV ip
PORT STATE SERVICE VERSION 80/tcp open http nginx 1.14.2
When pasting the IP address into a browser, no website loads and we get a 302 (Redirect). Let's modify the hosts file of our machine:
sudo nano /etc/hosts
Below the 127. IP addresses, add:
Then hit ctrl + o, enter, ctrl + x to save and close the editor. The website should now be available in the browser!
Now we use GoBuster to find all directories/pages of that website.
sudo gobuster dir --url http://ignition.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
/admin (Status: 200) [Size: 7095]
We can see the login form. We know that the password must be seven or more characters long and include both letters and numbers. And we will try some of the most common passwords (link below) with the username admin. Success! The password for admin is qwerty123
Logged in! The flag can be found in the Advanced Reporting section of the dashboard landing page.