# Technical Report

## <mark style="color:purple;">Technical Security Report: "Ignite" System</mark>

### <mark style="color:purple;">Purpose of the Report</mark>

This document provides a detailed technical assessment of the **Ignite** machine from [TryHackMe](https://tryhackme.com/r/room/ignite). The goal of this assessment was to identify security vulnerabilities, exploit them, and provide recommendations to mitigate potential risks.

***

### <mark style="color:purple;">Methodology</mark>

The security evaluation followed a structured penetration testing approach:

1. **Reconnaissance:** Identifying open ports and services using scanning tools.
2. **Enumeration:** Gathering information on the web application and system configuration.
3. **Exploitation:** Utilizing known vulnerabilities to gain unauthorized access.
4. **Privilege Escalation:** Escalating privileges to gain root access to the system.

***

### <mark style="color:purple;">Detailed Findings</mark>

#### 1. Reconnaissance

**Tool Used:** `nmap`\
**Command Executed:**

```bash
nmap -F --open <target_ip>
```

**Description:** A scan was performed to identify open ports and running services.

**Results:**

* **Port 80:** Open (HTTP - FuelCMS 1.4)

> **Impact:** The exposed web service was running an outdated CMS, providing a potential attack vector.

#### 2. Enumeration

**Findings:**

* The homepage displayed **FuelCMS 1.4**, an outdated content management system.
* The admin panel was accessible without authentication.
* Configuration files were publicly accessible, revealing sensitive system details.

> **Impact:** Exposed system information facilitated further exploitation.

#### 3. Exploitation

**Vulnerability:** Remote Code Execution (RCE) in FuelCMS 1.4.

**Exploit Used:** Publicly available Python script for executing arbitrary commands via HTTP requests.

**Command Executed:**

```bash
python3 fuel.py -u <target_url>
```

**Result:**

* Successfully gained a remote shell with `www-data` privileges.

> **Impact:** Allowed the execution of arbitrary system commands, leading to system compromise.

#### 4. Privilege Escalation

**Findings:**

* The **database configuration file** contained **hardcoded root credentials**.
* The attacker was able to retrieve:
  * **Username:** `root`
  * **Password:** `mememe`

**Command Executed:**

```bash
# No space after -p: "mysql -u root -p mememe" would treat "mememe" as the database name
mysql -u root -pmememe
```

**Final Escalation to Root**

**Technique Used:** Upgrading the shell to an interactive terminal and leveraging root credentials.

**Commands Executed:**

```bash
python3 -c 'import pty; pty.spawn("/bin/bash")'
su root
```

**Result:**

* Full root access obtained.

> **Impact:** Complete system control, allowing data exfiltration and system manipulation.

***

### <mark style="color:purple;">Recommendations</mark>

#### Short-Term Actions:

1. **Update FuelCMS** to the latest secure version.
2. **Restrict access** to the admin panel and enforce authentication.
3. **Remove hardcoded credentials** from configuration files and use secure authentication methods.
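
As an added check for recommendation 3 (this script is not part of the original report or of FuelCMS): it scans a config tree for literal database credentials in PHP assignments and for world-readable config files, the two weaknesses the assessment chained into root. The CodeIgniter-style `$db[...]` layout, the `define()` form and the `getenv()` fix are assumptions; the sample configs are constructed.

```python
"""Flag hardcoded DB credentials and loose permissions in PHP config files."""
import re
import stat
import tempfile
from pathlib import Path

# Assumed assignment forms, e.g. $db['default']['password'] = 'secret';
CRED_PATTERNS = [
    re.compile(r"""\$db\[['"][^'"]+['"]\]\[['"](username|password)['"]\]\s*=\s*['"]([^'"]*)['"]"""),
    re.compile(r"""define\(\s*['"](DB_USER|DB_PASSWORD)['"]\s*,\s*['"]([^'"]*)['"]"""),
]
# A line that reads the secret from the environment is the fix, not a finding.
ENV_READ = re.compile(r"getenv\(|\$_ENV\[|\$_SERVER\[")

def redact(secret):
    """Keep only the first character so the scan output cannot leak the secret."""
    return secret[0] + "*" * (len(secret) - 1) if secret else "<empty>"

def find_hardcoded_credentials(text):
    """Return (line_no, key, redacted_value) for every literal credential."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if ENV_READ.search(line):
            continue
        for pat in CRED_PATTERNS:
            m = pat.search(line)
            if m:
                hits.append((no, m.group(1).lower(), redact(m.group(2))))
    return hits

def scan_config_dir(root):
    """Walk a directory; report files with literal credentials or o+r permissions."""
    report = []
    for path in sorted(Path(root).rglob("*.php")):
        readable = bool(path.stat().st_mode & stat.S_IROTH)
        hits = find_hardcoded_credentials(path.read_text(errors="replace"))
        if hits or readable:
            report.append({"file": path.name, "world_readable": readable, "credentials": hits})
    return report

# Constructed samples (placeholder values), not the real Ignite files.
SAMPLE_CONFIG = "<?php\n$db['default']['hostname'] = 'localhost';\n" \
    "$db['default']['username'] = 'root';\n$db['default']['password'] = 'mememe';\n"
HARDENED_CONFIG = "<?php\n$db['default']['username'] = getenv('FUEL_DB_USER');\n" \
    "$db['default']['password'] = getenv('FUEL_DB_PASS');\n"

def demo():
    """Write both samples to a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "database.php").write_text(SAMPLE_CONFIG)
        (Path(tmp) / "database.php").chmod(0o644)   # world-readable, as on the target
        (Path(tmp) / "database_fixed.php").write_text(HARDENED_CONFIG)
        (Path(tmp) / "database_fixed.php").chmod(0o640)
        return scan_config_dir(tmp)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```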

#### Long-Term Actions:

1. Conduct **regular vulnerability scans** to detect outdated software.
2. Implement **principle of least privilege** to prevent unnecessary access.
3. Deploy **monitoring solutions** to detect and respond to suspicious activity.

***

### <mark style="color:purple;">Conclusion</mark>

The assessment of the **Ignite** machine demonstrated security vulnerabilities commonly found in outdated and misconfigured web applications. Addressing these issues through regular updates, secure authentication, and access control measures will significantly enhance the system’s security posture and reduce the risk of exploitation.
