TryHackMe Walkthrough | Agent Sudo

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

This walkthrough is written as a part of Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Starting with a nmap scan

nmap -sS -sV <ip>

We found that there are 3 ports open port 21, port 22, port80.

As port 80 is open we will check the webpage for any information.

Here we have a hint “codename as user-agent” and the codenames are single letters as we see in the above screenshot; Agent R.

Intercepting the traffic in burp and changing the user agent until we get a hit using intruder.

For the letter C we get a hit.

Using this as a user agent .

Here we get a username chris

Using hydra to crack the password for chris

hydra -l chris -P /usr/share/wordlists/rockyou.txt <IP> ftp 21

Successfully logged in the system.

Downloading the files to the host system and inspecting it

get <filename>

Checking To_agentJ.txt and we see that the password is stored in the pictures.

Using binwalk

binwalk cutie.png -e

Found 4 files

Cracking .zip file using zip2john

zip2john 8702.zip >test.txt

cracking the hash in test.txt using john and found password to open zip file.

Extracting 8702.zip using 7z

7z e 8702.zip

cat To_agentR.txt

Used cyberchef to crack the hint.

Used steghide to extract hidden message

steghide extract -sf cute-alien.jpg

Found password for agent James

Using the above information for logging into SSH port with user James and found password

ssh james@<targetip>

User_flag.txt

Checking for privileges

sudo -l

Got root access

sudo -u#-1 /bin/bash

root.txt

Thanks for reading.