MagicGardens HTB Writeup | HacktheBox

Introduction

In this post, let’s walk through the MagicGardens machine from HackTheBox. If you have any doubts, comment down below 👇🏾

Hacking Phases Used for MagicGardens HTB

  1. Getting into the system initially
  2. Checking open TCP ports using Nmap
  3. Retrieving information from Telnet banners
  4. Looking for vulnerabilities to exploit
  5. Enumerating information through SNMP
  6. Gaining access to a user shell
  7. Obtaining the user flag
  8. Escalating privileges
  9. Using Metasploit for port forwarding
  10. Identifying ways to escalate privileges
  11. Exploiting vulnerabilities like file read to gain access
  12. Obtaining the root flag

Let’s Begin

Let’s hack MagicGardens HTB 😌

Getting into the System Initially

Before diving into the technicalities, it’s crucial to understand the target environment. Setting up a proper hacking lab is the first step. Ensure you have a virtual machine with all the necessary tools installed, such as Kali Linux, and that you are connected to the HackTheBox VPN.

Checking Open TCP Ports Using Nmap

Nmap is a powerful tool for network discovery and security auditing. Start by performing a full TCP scan to discover open ports on the target machine.

```bash
nmap -sS -T4 -A -p- <target-ip>
```

The -p- option scans all 65,535 TCP ports, and -A adds OS detection, service version detection, default scripts and traceroute, providing detailed information about the services running on the target.

Retrieving Information from Telnet Banners

Telnet can often reveal valuable information through its service banners. Connect to any open Telnet ports using the following command:

```bash
telnet <target-ip> <port>
```

Once connected, observe the banner for any clues that might hint at vulnerabilities or misconfigurations.

Looking for Vulnerabilities to Exploit

Now that we have a list of open ports and services, it’s time to look for vulnerabilities. Tools like Nessus, OpenVAS, and manual inspection of service versions can help identify potential weaknesses.

Enumerating Information through SNMP

SNMP (Simple Network Management Protocol) is used for network management. Use tools like snmpwalk to enumerate SNMP information.

```bash
snmpwalk -v 2c -c public <target-ip>
```

This command gathers information that might include usernames, system details, and network configurations.
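The snmpwalk command above only returns data when the agent accepts the default community string over SNMPv2c. The following added example (not part of the original writeup) audits a Net-SNMP snmpd.conf for that condition; the sample configuration and the function name audit_snmpd_conf are constructed for illustration.

```python
WEAK_COMMUNITIES = {"public", "private"}        # well-known default strings
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}   # no source restriction
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6"}

# Constructed sample configuration (not taken from the target machine).
SAMPLE_SNMPD_CONF = """\
# /etc/snmp/snmpd.conf (sample)
agentAddress udp:161
rocommunity public
rocommunity m0nit0r-7f3a 10.10.0.5
rwcommunity private default
com2sec readonly default public
rouser monitor priv
"""

def audit_snmpd_conf(text):
    """Return [(line_number, directive, [reasons])] for risky community lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tokens) < 2:
            continue
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            # rocommunity COMMUNITY [SOURCE [OID]]; missing SOURCE means "default"
            community = tokens[1]
            source = tokens[2] if len(tokens) > 2 else "default"
        elif directive == "com2sec" and len(tokens) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            source, community = tokens[-2], tokens[-1]
        else:
            continue                            # e.g. SNMPv3 rouser lines
        reasons = []
        if community.lower() in WEAK_COMMUNITIES:
            reasons.append("default community string")
        if source.lower() in ANY_SOURCE:
            reasons.append("accepted from any source")
        if directive.startswith("rw"):
            reasons.append("grants write access")
        if reasons:
            findings.append((lineno, directive, reasons))
    return findings

if __name__ == "__main__":
    for lineno, directive, reasons in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"line {lineno}: {directive}: {', '.join(reasons)}")
```

Lines flagged here are the ones to replace with a non-default community restricted to the monitoring host, or with an SNMPv3 user that requires authentication and privacy.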

Gaining Access to a User Shell

With the information gathered, look for an exploit to gain initial access. This could involve exploiting a known vulnerability in a service or using credentials found during enumeration. Tools like Metasploit can simplify this process.

Obtaining the User Flag

Once you have shell access, the next step is to find the user flag. It’s typically located in the home directory of a user. Use the find command to locate it.

```bash
# Search the whole filesystem; discard "Permission denied" noise
find / -name user.txt 2>/dev/null
```

Escalating Privileges

Privilege escalation is the process of gaining higher-level permissions. Common methods include exploiting SUID binaries, misconfigured sudo privileges, and kernel vulnerabilities.

Using Metasploit for Port Forwarding

Metasploit’s port forwarding feature can help in pivoting to other services that are not directly accessible. This is particularly useful for reaching internal services.

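```
# Run inside msfconsole. Recent Metasploit releases provide this
# module as auxiliary/server/socks_proxy.
use auxiliary/server/socks4a
set SRVPORT 1080
run
```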

Configure your proxychains to use the Metasploit SOCKS proxy to forward traffic.

Identifying Ways to Escalate Privileges

Detailed enumeration is key. Tools like linPEAS and LinEnum can automate the process of identifying privilege escalation paths.

Exploiting Vulnerabilities Like File Read to Gain Access

File read vulnerabilities allow attackers to read sensitive files. For instance, a vulnerable web application might let you read /etc/passwd.

```
http://<target-ip>/vulnerable_endpoint?file=/etc/passwd
```
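Why a request like the one above succeeds, and the check that stops it, shown as an added example that is not code from the original writeup or from the target application. The handler functions and the temporary directory tree are constructed for illustration; the file parameter is assumed to be joined onto a served directory.

```python
import os
import tempfile

class PathRejected(Exception):
    """Requested file resolves outside the served directory."""

def read_vulnerable(base_dir, requested):
    # BEFORE: the parameter is joined unchecked. os.path.join() drops
    # base_dir entirely when `requested` is absolute, and "../" walks out.
    with open(os.path.join(base_dir, requested), encoding="utf-8") as fh:
        return fh.read()

def resolve_inside(base_dir, requested):
    # AFTER: canonicalise (resolves symlinks and ".."), then require the
    # result to still live under the canonical base directory.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PathRejected(requested)
    return target

def read_hardened(base_dir, requested):
    with open(resolve_inside(base_dir, requested), encoding="utf-8") as fh:
        return fh.read()

def build_sandbox():
    # Constructed tree: <root>/public is served, <root>/secret.txt is not.
    root = tempfile.mkdtemp(prefix="fileread-demo-")
    base = os.path.join(root, "public")
    os.mkdir(base)
    with open(os.path.join(base, "readme.txt"), "w", encoding="utf-8") as fh:
        fh.write("hello")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("s3cret")
    os.symlink(secret, os.path.join(base, "link.txt"))  # symlink escape
    return base, secret

def is_blocked(base_dir, requested):
    try:
        read_hardened(base_dir, requested)
        return False
    except PathRejected:
        return True

if __name__ == "__main__":
    base, secret = build_sandbox()
    for req in ("readme.txt", secret, "../secret.txt", "link.txt"):
        print(f"{req!r:45} blocked={is_blocked(base, req)}")
```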

Obtaining the Root Flag

The root flag is the ultimate goal. It’s usually located in the root directory. Use the find command again to locate it.

```bash
# Search the whole filesystem; discard "Permission denied" noise
find / -name root.txt 2>/dev/null
```

Conclusion

Hacking MagicGardens HTB involves a series of methodical steps, from initial reconnaissance to gaining user access and escalating privileges to capture the flags. Each phase requires a combination of tools and techniques, making it a valuable learning experience for anyone interested in cybersecurity.


FAQs

What tools are essential for hacking MagicGardens HTB?

Tools like Nmap, Metasploit, snmpwalk, and various enumeration scripts are essential.

How important is enumeration in the hacking process?

Enumeration is crucial as it provides the necessary information to find and exploit vulnerabilities.

Can I hack MagicGardens HTB without using Metasploit?

Yes, while Metasploit is helpful, it’s possible to hack the box using manual methods and other tools.

What is the user flag and where is it usually found?

The user flag is a proof-of-access file, typically found in a user’s home directory.

How can I practice hacking legally?

Platforms like HackTheBox, TryHackMe, and other CTF challenges provide legal environments for practicing hacking skills.
