Technical Report

Detailed analysis for technical teams, covering methodologies, tools, and findings.

Technical Security Report: "Ignite" System

Purpose of the Report

This document provides a detailed technical assessment of the Ignite machine from TryHackMe. The goal of this assessment was to identify security vulnerabilities, exploit them, and provide recommendations to mitigate potential risks.

Methodology

The security evaluation followed a structured penetration testing approach:

  1. Reconnaissance: Identifying open ports and services using scanning tools.

  2. Enumeration: Gathering information on the web application and system configuration.

  3. Exploitation: Utilizing known vulnerabilities to gain unauthorized access.

  4. Privilege Escalation: Escalating privileges to gain root access to the system.

Detailed Findings

1. Reconnaissance

Tool Used: nmap Command Executed:

nmap -F --open <target_ip>

Description: A scan was performed to identify open ports and running services.

Results:

  • Port 80: Open (HTTP - FuelCMS 1.4)

Impact: The exposed web service was running an outdated CMS, providing a potential attack vector.

2. Enumeration

Findings:

  • The homepage displayed FuelCMS 1.4, an outdated content management system.

  • The admin panel was accessible without authentication.

  • Configuration files were publicly accessible, revealing sensitive system details.

Impact: Exposed system information facilitated further exploitation.

3. Exploitation

Vulnerability: Remote Code Execution (RCE) in FuelCMS 1.4.

Exploit Used: Publicly available Python script for executing arbitrary commands via HTTP requests.

Command Executed:

python3 fuel.py -u <target_url>

Result:

  • Successfully gained a remote shell with www-data privileges.

Impact: Allowed the execution of arbitrary system commands, leading to system compromise.

4. Privilege Escalation

Findings:

  • The database configuration file contained hardcoded root credentials.

  • The attacker was able to retrieve:

    • Username: root

    • Password: mememe

Command Executed:

mysql -u root -p mememe

Final Escalation to Root

Technique Used: Upgrading the shell to an interactive terminal and leveraging root credentials.

Commands Executed:

python3 -c 'import pty; pty.spawn("/bin/bash")'
su root

Result:

  • Full root access obtained.

Impact: Complete system control, allowing data exfiltration and system manipulation.

Recommendations

Short-Term Actions:

  1. Update FuelCMS to the latest secure version.

  2. Restrict access to the admin panel and enforce authentication.

  3. Remove hardcoded credentials from configuration files and use secure authentication methods.

Long-Term Actions:

  1. Conduct regular vulnerability scans to detect outdated software.

  2. Implement principle of least privilege to prevent unnecessary access.

  3. Deploy monitoring solutions to detect and respond to suspicious activity.

Conclusion

The assessment of the Ignite machine demonstrated security vulnerabilities commonly found in outdated and misconfigured web applications. Addressing these issues through regular updates, secure authentication, and access control measures will significantly enhance the system’s security posture and reduce the risk of exploitation.

PreviousWrite-UpNextExecutive Report

Last updated