Agent Sudo, an easy box from THM. Although this is an easy box, had to go through several steps just to get the user.
Will start with a scan as usual. I have started to use rustscan for scanning the ports; it’s faster than nmap and I'm kind of loving it.

Found 3 ports which were open. As always will start with port 80.

We need to put the codename in the user agent. For a test I put R first to check how it was.
After confirming that it works, tried using the intruder with all the alphabet letters.

Use Sniper as the attack method and add the user agent. Next, in the payload set, add all the alphabet letters and start the attack.

C got a redirect.

Weak password and we have a user called Chris. Tried brute-forcing both SSH and FTP using Hydra and found that FTP was the one with a weak password.
hydra -P /usr/share/wordlists/rockyou.txt -l chris -V
Got the password. Now log in using user as chris and password: crystal.

Download all the files to your desktop.

Can also use mget * to download all files.

First I tried checking if there was anything hidden in the pics using exiftool; to my disappointment there wasn’t any. Next I used binwalk: same thing, except there was something I didn’t notice before, which was about a zip file.

Extracted the file using binwalk and now we have a folder called _cutie.png.extracted.

We got more files. The text file was empty and the zip file was password protected.

Cracked the pass using john. Bloody aliens lol.

Unzipped the file with the alien password we got earlier. First tried “QXJlYTUx” as password for chris to log in to SSH and also for the pass of cute alien pic, no luck.

I guess we are deep in the Alien zone now. Area51.

I’m pretty sure at this point I hate chris for making me go through all that just to get the password for james.
Logged in to the machine using the user james and password as shown in the above screenshot.

Finally the user flag.

At this point I don’t think there is any more explanation needed. If you do need one here is the exploit.

Overall I would say it was fun. Had a lot of stuff to go through just to get the user but after that it was just straightforward to get the root.
The cute aliens