TryHackMe Agent Sudo

Pavan Msvs
Jun 30, 2021

Hello everyone! Today we are going to solve the TryHackMe machine Agent Sudo.

First, connect to the THM VPN and start the machine.

Start with an Nmap scan to find the open ports and services running on the machine.

Note: If you are running as root, you don’t need to use the sudo command.

nmap -Pn 10.10.113.154

Next, perform an advanced scan to find the service versions running on the system.

Let’s open the IP address in the browser and look at the details on the web page.

The hint says that we need to manipulate the response; we can do this either with Burp Suite or in the browser.

The response contains the hidden message, which gives us the user name.

Now we use hydra to brute-force the FTP service, and we get the password for the user “Chris”. Next, log in to the FTP server.

Download the text file and check the information in it, and download all the image files as well, since they might contain hidden information.

The first image doesn’t have any information in it, so check the second image.

We have some information in the text file.

In the third image we can see some data hidden inside a zip file.

We extracted the image, and the result is named _cutie.png.extracted.
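How a zip hidden behind an image like this can be spotted, as an added Python example that is not part of the original write-up: it walks the PNG chunks up to IEND and reports any archive appended after it. It assumes the data was appended after the IEND chunk; the sample image, the `note.txt` member and all function names are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"

def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_sample(with_zip: bool) -> bytes:
    """Constructed 1x1 grayscale PNG, optionally with a small zip appended."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = (PNG_SIG + png_chunk(b"IHDR", ihdr)
           + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
           + png_chunk(b"IEND", b""))
    if not with_zip:
        return png
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    return png + buf.getvalue()

def find_trailing_data(blob: bytes):
    """Walk the chunks; return (offset, bytes) found after IEND, else None."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if pos > len(blob):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return (pos, blob[pos:]) if pos < len(blob) else None
    raise ValueError("no IEND chunk found")

def embedded_zip_members(blob: bytes):
    """List member names if the trailing data is a zip archive, else []."""
    found = find_trailing_data(blob)
    if found is None or not found[1].startswith(ZIP_LOCAL_HEADER):
        return []
    return zipfile.ZipFile(io.BytesIO(found[1])).namelist()

if __name__ == "__main__":
    print(embedded_zip_members(build_sample(with_zip=True)))
```

A well-formed PNG ends at IEND, so any bytes after it are worth flagging when reviewing uploaded or downloaded images.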

Inside the folder we can see another zip file, so now we unzip it.

The unzip failed because it says the password is wrong. Now, we will convert the file to john.txt so that we can brute-force it with the john tool.

Now we have the password for the zip file, and we will try to unzip it again.

We have successfully extracted the file, and we will check the data inside it.

Previously this file contained no data. After we gave the correct password and extracted the file, it has some information inside. It looks like a hash value, so we used a hash analyzer to find the hash type and found that it is base64.

Decode it!

Now, try to extract the data from the image files. This image contains a message.txt; check the information inside the file.

Here we got the login password “hackerrules!”, and the message gives the username as “james”. Now, try to log in over SSH.

We successfully got the shell. Now check the user's file permissions.

It says “/bin/bash”. Now, search the internet for an exploit; we found one on Exploit-DB.

Check the sudo version on the system and verify it against the exploit.

Copy the payload from the internet, paste it, and execute it.

We escalated the privileges and got the user_flag.txt. Now navigate to the root directory to find the root flag.

This concludes the room and both flags have been captured!
