TryHackMe — Agent Sudo

Having fun with TryHackMe again. So, here is the write-up and guide to passing this Agent Sudo challenge.

Room: https://www.tryhackme.com/room/agentsudoctf
Level: Easy

Task: You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

As usual, open the IP in browser first.

No hint here, even in the source code. Hmm.. Run nmap to see which and how many ports are open. Check the full port range…

3 ports are open. Now run gobuster to see if there is any hidden path.

Nay~~ Checked with multiple dictionaries, no result for a hidden path. Might be a long or unique name. It's okay, now we nikto it.

Nay also~~ Using okadminfinder3, just in case,

So, enough brute force. The hint says that the page only redirects if you have the correct user agent. Switched between Chrome, Firefox, Safari, bot; none working. Must be a custom user agent. There are 2 agents: Agent C and Agent R.

Uncheck and choose a custom user agent. Put “R” only as the user agent.

Okay, it changed. Now try changing to the “C” user agent.

Now we found the name of Agent C. From the notes, the password is weak. Hail hydra then,

Let's access the FTP then,

Dear agent J,

All these alien like photos are fake! Agent R stored the real picture inside your directory. Your login password is somehow stored in the fake picture. It shouldn’t be a problem for you.

From,
Agent C

I think these are stego images. So let's try to decode them,

“cutie.png”: “file format is not supported” means it's not an image

It's a zip file. Let's unzip it.

Unable to use unzip. Let's try 7zip.

Ok, password needed. Crack it using 7zipcracker then.
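As an added illustration, not part of the original write-up, this Python snippet does what the “file format is not supported” error hints at: it identifies a file by its leading bytes instead of its extension, carves an archive appended behind an image, and reports whether the members are encrypted (the point at which 7zip stops and asks for a password). The signature table is an assumed subset and the sample bytes are constructed inline.

```python
import io
import zipfile

# Assumed signature table: a small subset covering the formats this write-up runs into.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def identify(data: bytes) -> str:
    """Name the format implied by the leading bytes, ignoring the file's extension."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def find_embedded_zip(data: bytes) -> int:
    """Offset of a zip local-file header sitting inside a non-zip file, or -1 if none."""
    if data.startswith(ZIP_LOCAL_HEADER):
        return -1  # a plain archive; nothing is hidden behind another format
    return data.find(ZIP_LOCAL_HEADER)


def carve_zip_members(data: bytes):
    """Carve the embedded archive and list (member name, is_encrypted); None if nothing valid."""
    offset = find_embedded_zip(data)
    if offset < 0:
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
            # Bit 0 of the general-purpose flag marks an encrypted entry,
            # the case where 7zip stops and asks for a password.
            return [(zi.filename, bool(zi.flag_bits & 0x1)) for zi in zf.infolist()]
    except zipfile.BadZipFile:
        return None  # e.g. "PK\x03\x04" occurred by chance inside image data


def build_sample() -> bytes:
    """Constructed input: a PNG signature plus padding with a small zip appended (not the room's file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed placeholder message")
    return b"\x89PNG\r\n\x1a\n" + b"\x00" * 64 + buf.getvalue()
```

Run it on a real file by reading its bytes and passing them to `identify` and `carve_zip_members`; member names are readable even when the entries are encrypted, since only the contents are protected.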

It might be a password for another image.

Failed! But the password seems weird to me. Decided to check what type of hash this is.

Ok, that's easy. Base64.

Got the password!

Hi XXXXX,

Glad you find this message. Your login password is XXXXXXXXXXX!

Don’t ask me why the password look cheesy, ask agent R who set this password for you.

Your buddy,
chris

The message already contains the username and the password for SSH.

“What is the incident of the photo called?”: there is something about the image. So let's download the image. There is no stego in it.. so reverse image search it with Google Image Search and the foxnews keyword, and found the incident.

Now privilege escalation. Let's search for any basic opener for root.

The hint is that there is a CVE to exploit. Using linux-soft-exploit-suggester; because this machine only has Python 3, I need to convert the Python code to version 3. Let's run it.

I tried every CVE that causes privilege escalation and found 1 (CVE-XXXX–XXXXX). Here is the step: download the CVE PoC script and run it.

Now root is accessible! Now you own everything. Find the root flag.

Completed!!!

Software Engineer at Teratotech.com
