TryHackMe | Agent Sudo Walkthrough

Prateek Parashar
3 min readJun 15, 2021

--

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

This walkthrough is written as a part of Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Starting with a nmap scan

We have 3 open ports (21,22 and 80). As port 80 is open we know we have a webpage and we can also use the ssh service to login into the machine if we get the credentials.

Here we have a hint “codename as user-agent” and the codenames are single letters as we see in the above screenshot; Agent R.

Intercepting the traffic in burp and changing the user agent until we get a hit using intruder

For the letter C we get a hit.

Using this as a user agent .

Here we get a username chris

Using hydra to crack the password for chris

hydra -l chris -P /usr/share/wordlists/rockyou.txt <IP> ftp 21

Successfully logged in the system.

Downloading the files to the host system and inspecting it

get <filename>

Checking To_agentJ.txt and we see that the password is stored in the pictures.

Using binwalk

binwalk cutie.png -e

Found 4 files

Cracking .zip file using zip2john

zip2john 8702.zip >test.txt

cracking the hash in test.txt using john and found password to open zip file.

Extracting 8702.zip using 7z

7z e 8702.zip

cat To_agentR.txt

Used cyberchef to crack the hint.

Used steghide to extract hidden message

steghide extract -sf cute-alien.jpg

Found password for agent James

Using the above information for logging into SSH port with user James and found password

ssh james@<targetip>

User_flag.txt

Checking for privileges

sudo -l

Got root access

sudo -u#-1 /bin/bash

root.txt

Thanks for reading.

--

--

Prateek Parashar
Prateek Parashar

Written by Prateek Parashar

Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.

No responses yet