Agent Sudo Writeup – TryHackMe

Agent Sudo and easy box from THM. Although this is an easy box, had to go through several steps just to get the user.

Will start with scan as usual. I have started to use rustscan for scanning the ports, it’s faster than nmap and kind of loving it.

Found 3 ports which were open. As always will start with port 80.

We need to put the codename in the user agent. For a test I put R first to check how it was.

After confirming that it works, tried using the intruder with all the alphabet letters.

Use the Sniper as attack method and add the user agent. Next in the payload set all the Alphabet letter and start the attack.

C got a redirect.

Weak password and we have a user called Chris. Tried brute-forcing both SSH and FTP using Hydra and found that ftp was the one with weak password.

hydra -P /usr/share/wordlists/rockyou.txt -l chris ftp://10.10.52.80 -V

Got the password. Now login using user as chris and password: crystal.

Download all the files to your desktop.

Can also use mget * to download all files.

First I tried checking if there was anything hidden in the pics using exiftool to my disappointment there wasn’t any. Next use binwalk same thing except there was something I didn’t notice before which was about a zip file.

Extracted the file using binwalk and now we have a folder called _cutie.png.extracted.

We got more files. The text file was empty and the zip file was password protected.

Cracked the pass using john. Bloody aliens lol.

Unzipped the file with the alien password we got earlier. First tried “QXJlYTUx” as password for chris to login to ssh and also for the pass of cute alien pic, no luck.