Look at the SMTP port?
Does anyone have timeout when trying to load the file?
Guys, what payload for the morty XSS?
Why doesn’t this run as root?
Morty 1879 0.0 0.0 9056 4004 ? Sl 09:01 0:00 _ /usr/bin/geckodriver --port 55623 --websocket-port 45009
Morty 1885 7.5 7.6 2794752 306076 ? Sl 09:01 0:08 _ firefox-esr --marionette --headless --remote-debugging-port 45009 --remote-allow-hosts localhost -no-remote -profile /tmp/rust_mozprofilenKaTE9
Is SMTP supposed to be filtered or is there something strange with the machine/my setup? I have reset the machine, but it is still filtered:
jfsebastian@NB61:/opt/DockerRegistryGrabber$ nmap -A -Pn -p 25 -sC magicgardens.htb
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-28 16:39 CEST
Nmap scan report for magicgardens.htb (10.10.11.9)
Host is up (0.094s latency).
PORT STATE SERVICE VERSION
25/tcp filtered smtp
Too many fingerprints match this host to give specific OS details
Network Distance: 2 hops
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 97.10 ms 10.10.16.1
2 48.58 ms magicgardens.htb (10.10.11.9)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.72 seconds
jfsebastian@NB61:/opt/DockerRegistryGrabber$ ncat -v magicgardens.htb 25
Ncat: Version 7.94SVN ( https://nmap.org/ncat )
Ncat: TIMEOUT.
jfsebastian@NB61:/opt/DockerRegistryGrabber$
According to the change notes, these were both unintended paths:
27TH MAY, 2024
[~]
CHANGE
Fixed Unintendeds / Rabbit Holes
Implemented measures to prevent unintended brute force and moved geckodriver to run as non-privileged user. Made exploitation of specific step more reliable.
It’s because of what you have used to scan with nmap (-A and -sC). Try just -sV or -sS, or just nmap -Pn.
Also, after finding the SMTP port, search how to brute-force users with SMTP, and you will find a user; then brute-force his password …
Anyone who wants to PM me about the foothold (after the machine update)?
Cheers
I am stuck with the root flag. I managed to get the user flag, and then “a” password for a certain user, but I fail to see how this is used (a rabbit hole maybe?). Originally I thought the password could be used to access the docker registry (with the 5000 port), but this user does not seem to be an authorized user there. The mail that was found seems to suggest that he could access docker configurations though, did the latest change break this?
Hello All,
Since the box was updated, port 25 is filtered; I tried a bunch of nmap commands but it is still filtered.
I figured out that in the search area, I think it could be a SQLi, or maybe this is a rabbit hole?
Entering ( in the search field will return code 500. It’s my first insane box, so I’m not a pro at many SQL techniques, but it may help.
All enumeration through port 25 fails for me with a timeout; telnet will not connect either.
Are you able to solve it? I am stuck at the same step.
Hello, everyone!
Can someone give me a nudge where to look after m*y user? Can’t find a vector of lateral movement towards ax…
If anyone is stuck at the same step for long, they can PM me.
According to the changelog, user enum should not be possible from the start… However, it still is, via a different path, so I assume this is unintended? How can I contact the box owner and share the enum path, so that the owner can decide whether this should also be patched?
Is there someone who pwned this machine in the intended way? I know that it is much more difficult, and I would like to ask a couple of questions.
Thanks in advance.
Is it normal that the connection to the SMTP port takes forever?
Hi, does anyone have information on how to proceed after the user flag? I’m kind of stuck.
There are still some dockers running (on port 8081), but I still haven’t figured it out; there is an htpasswd and I was able to crack it, but I tested and it can’t be used to access the registry on port 5000.
Much appreciated for the information
Hello, I’m starting this insane box for the first time… any help with the initial foothold would be appreciated.
Can anyone help with initial access? I can’t find a way to enumerate users anywhere; I think my focus should be on SMTP, but it is filtered. Please DM me.