TryHackMe — Agent Sudo

Hafiq Iqmal
6 min read · Mar 16, 2021

Having fun with TryHackMe again. So, here is the write-up and guide for passing the Agent Sudo challenge.

Room: https://www.tryhackme.com/room/agentsudoctf
Level: Easy

Task: You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

Let's get started.

As usual, open the IP in the browser first.

No hint here, even in the source code. Hmm... Use nmap to check which and how many ports are open. Scan the full port range:

# nmap -A -T4 -sV -p- 10.10.X.X
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 ef:1f:5d:04:d4:77:95:06:60:72:ec:f0:58:f2:cc:07 (RSA)
| 256 5e:02:d1:9a:c4:e7:43:06:62:c1:9e:25:84:8a:e7:ea (ECDSA)
|_ 256 2d:00:5c:b9:fd:a8:c8:d8:80:e3:92:4f:8b:4f:18:e2 (ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Annoucement

3 ports are open. Now run gobuster to see if there is any hidden path.

# gobuster dir -u http://10.10.X.X -w ~/wordlists/dirb/big.txt -t 50

Nay~~ Checked with multiple dictionaries, no result for a hidden path. It might be a long or unique name. It's okay, now we nikto it.

# nikto -h 10.10.X.X

Nay also~~ Using okadminfinder3, just in case:

# ./okadminfinder.py -u 10.10.X.X
...
0 Admin pages found
...

So, enough brute forcing. The hint says that the page only redirects if you have the correct user agent. Switching between Chrome, Firefox, Safari and bot user agents, none of them work. It must be a custom user agent. There are 2 agents: Agent C and Agent R.

Uncheck the default and choose a custom user agent. Put only “R” as the user agent.
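
Seen from the server side, the user-agent switching described above leaves a recognisable trail in the Apache access log. The following is an added example, not part of the original write-up: a small detector run over constructed combined-format log lines. The function name, thresholds, status codes and sample IPs are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip - - [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges, not taken from the room).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Mar/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/89.0"
198.51.100.7 - - [16/Mar/2021:10:00:09 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"
198.51.100.7 - - [16/Mar/2021:10:00:15 +0000] "GET / HTTP/1.1" 200 218 "-" "Googlebot/2.1"
198.51.100.7 - - [16/Mar/2021:10:00:21 +0000] "GET / HTTP/1.1" 302 0 "-" "R"
203.0.113.20 - - [16/Mar/2021:10:01:00 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/89.0"
203.0.113.20 - - [16/Mar/2021:10:01:02 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/89.0"
"""

def find_ua_probing(log_text, max_distinct=3, min_ua_len=4):
    """Return {ip: [reasons]} for clients whose User-Agent use looks like probing."""
    agents = defaultdict(set)      # (ip, path) -> distinct User-Agent strings seen
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines that are not in combined format
        ip, path, ua = m["ip"], m["path"], m["ua"]
        agents[(ip, path)].add(ua)
        # Mainstream browser User-Agent strings are far longer than a few characters.
        if len(ua) < min_ua_len:
            findings[ip].append(f"short User-Agent {ua!r} on {path}")
    for (ip, path), seen in agents.items():
        # One client presenting many identities to the same URL is header cycling.
        if len(seen) > max_distinct:
            findings[ip].append(f"{len(seen)} distinct User-Agents on {path}")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in find_ua_probing(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The User-Agent header is fully client-controlled, so a page gated on it is reachable by anyone who sends the right string. The log trail shown here is what remains for detection.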
