The room: “You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.”
https://tryhackme.com/room/agentsudoctf
Task 2: Enumerate
2.1. How many open ports?
sudo nmap -sC -sV 10.10.137.5
3
2.2. How you redirect yourself to a secret page?
We need to brute-force the HTTP User-Agent header. We run the brute-force attack with Burp Suite.
List to be used in brute force attack: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/burp-parameter-names.txt
user-agent
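Seen from the web server's side, the User-Agent brute force above shows up as one client cycling through many header values against the same path. The following is an added example, not part of the original write-up, that flags that pattern in combined-format access logs; the log lines, addresses and header values are constructed.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip, timestamp, request, status, size, referer, user-agent
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def flag_user_agent_sweeps(lines, min_distinct=5):
    """Return {(ip, path): sorted distinct UAs} for clients that sent at least
    `min_distinct` different User-Agent values to a single path."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if m:
            seen[(m["ip"], m["path"])].add(m["ua"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_distinct}

def redirect_hits(lines, flagged):
    """For flagged sweeps, list the (ip, ua) pairs answered with a 3xx, i.e. the
    header value the application treated differently from the rest."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and (m["ip"], m["path"]) in flagged and m["status"].startswith("3"):
            hits.append((m["ip"], m["ua"]))
    return hits

# Constructed sample: one client sweeping User-Agent values, one ordinary browser.
SAMPLE_UAS = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot"]
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{i:02d} +0000] "GET / HTTP/1.1" '
    f'{302 if ua == "delta" else 200} 218 "-" "{ua}"'
    for i, ua in enumerate(SAMPLE_UAS)
] + [
    '198.51.100.20 - - [12/Mar/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:00:10 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    flagged = flag_user_agent_sweeps(SAMPLE_LOG)
    print(flagged)
    print(redirect_hits(SAMPLE_LOG, flagged))
```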
2.3. What is the agent name?
chris
Task 3: Hash cracking and brute-force
3.1. FTP password
hydra can be used against FTP, SMB, RDP, and SSH to obtain username and password information.
*******
3.2. Zip file password
We download the files from the FTP server to the local machine with the “get” command.
If we look at the To_agentJ.txt file, it tells us to look at the images.
The binwalk tool shows a zip archive stored inside an image.
Extract the zip file with the “-e” parameter of the binwalk tool.
We need the password to access the txt file in the zip file. To crack the password, we get the hash of the file with zip2john.
a***n
3.3. steg password
In the To_agentR.txt file, the password is base64-encoded, so we decode it.
A*****
3.4. Who is the other agent (in full name)?
Extract the text hidden in the other image with the steghide tool.
james
3.5. SSH password
ha********es!
Task 4: Capture the user flag
4.1. What is the user flag?
Connect over SSH with the password. The txt file contains the flag.
b03************************313c7
4.2. What is the incident of the photo called?
The Alien Autopsy.jpg image is copied from the SSH host to the local machine and searched for in TinEye.
Roswell alien autopsy
Task 5: Privilege escalation
5.1. CVE number for the escalation
(Format: CVE-xxxx-xxxx)
In the SSH session, we look for a command that can be run with sudo and search Google for the result.
CVE-2019-14287
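CVE-2019-14287 affects sudo releases before 1.8.28, and only where a sudoers rule's Runas list combines the ALL keyword with an exclusion such as !root. The following added audit example (not from the original write-up) checks both conditions; the version banners and sudoers rules are constructed samples.

```python
import re

FIXED_IN = (1, 8, 28)  # first sudo release with the CVE-2019-14287 fix

def sudo_is_affected(version_banner):
    """Parse the first line of `sudo -V`, e.g. 'Sudo version 1.8.21p2'."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", version_banner)
    if not m:
        raise ValueError("unrecognised sudo version banner")
    return tuple(int(x) for x in m.groups()) < FIXED_IN

# user host = (runas_users[:runas_groups]) commands
SPEC = re.compile(
    r"^\s*(?P<who>[^#\s]\S*)\s+\S+\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$"
)

def risky_runas_entries(sudoers_text):
    """Return (who, runas, commands) for rules whose Runas user list contains
    ALL together with a negated user, the pattern the CVE depends on."""
    findings = []
    for line in sudoers_text.splitlines():
        m = SPEC.match(line)
        if not m:
            continue
        users = [u.strip() for u in m["runas"].split(":")[0].split(",")]
        if "ALL" in users and any(u.startswith("!") for u in users):
            findings.append((m["who"], m["runas"].strip(), m["cmds"].strip()))
    return findings

# Constructed sudoers content for the example.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /bin/bash
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
%ops    ALL=(ALL, !root, !#0) /usr/bin/less /var/log/syslog
"""

if __name__ == "__main__":
    print(sudo_is_affected("Sudo version 1.8.21p2"))
    for finding in risky_runas_entries(SAMPLE_SUDOERS):
        print(finding)
```

Upgrading sudo to 1.8.28 or later removes the issue; rewriting flagged rules to name the permitted Runas users explicitly avoids relying on the exclusion at all.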
5.2. What is the root flag?
The exploit file is copied to the target over SSH.
The exploit file is run and root privileges are obtained. Go to the root directory and find the root.txt file.
b53a******************************c062
5.3. (Bonus) Who is Agent R?
The answer to the bonus question is mentioned at the end of the root.txt file.
D*****l