TryHackMe — Agent Sudo
6 min readMar 16, 2021
Having fun with TryHackMe again. So, here is the write up and guideline to pass this Agent Sudo challenge.
Room: https://www.tryhackme.com/room/agentsudoctf
Level: Easy
Task: You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
Lets get started
As usual, open the IP in browser first.
No hint here even in the source code. Hmm.. Check nmap
which and how many ports is opened. Check all port range…
# nmap -A -T4 -sV -p- 10.10.X.X
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 ef:1f:5d:04:d4:77:95:06:60:72:ec:f0:58:f2:cc:07 (RSA)
| 256 5e:02:d1:9a:c4:e7:43:06:62:c1:9e:25:84:8a:e7:ea (ECDSA)
|_ 256 2d:00:5c:b9:fd:a8:c8:d8:80:e3:92:4f:8b:4f:18:e2 (ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Annoucement
3 port is opened. Now run gobuster
, see if any hidden path
# gobuster dir -u http://10.10.X.X -w ~/wordlists/dirb/big.txt -t 50