TryHackMe — Agent Sudo

Hafiq Iqmal
6 min readMar 16, 2021

Having fun with TryHackMe again. So, here is the write up and guideline to pass this Agent Sudo challenge.

Room: https://www.tryhackme.com/room/agentsudoctf
Level: Easy

Task: You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

Lets get started

As usual, open the IP in browser first.

No hint here even in the source code. Hmm.. Check nmap which and how many ports is opened. Check all port range…

# nmap -A -T4 -sV -p- 10.10.X.X
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 ef:1f:5d:04:d4:77:95:06:60:72:ec:f0:58:f2:cc:07 (RSA)
| 256 5e:02:d1:9a:c4:e7:43:06:62:c1:9e:25:84:8a:e7:ea (ECDSA)
|_ 256 2d:00:5c:b9:fd:a8:c8:d8:80:e3:92:4f:8b:4f:18:e2 (ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Annoucement

3 port is opened. Now run gobuster, see if any hidden path

# gobuster dir -u http://10.10.X.X -w ~/wordlists/dirb/big.txt -t 50

--

--

Hafiq Iqmal
Hafiq Iqmal

Written by Hafiq Iqmal

Technical Lead | Software Engineer | Laravel Enthusiasts | Tech writer | UiTM Alumni | Husband | Proud father of a beautiful daughter