TryHackMe Agent Sudo
Hello everyone! Today we are going to solve the TryHackMe machine Agent Sudo.
First, connect to the THM network using the VPN and start the machine.
Start with an Nmap scan to find the open ports and the services running on the machine.
Note: If you are running as root, you don't need to use the sudo command.
nmap -Pn 10.10.113.154
Perform the advanced scan to find out the service versions running on the system.
Let's open the IP address in the browser to see what the web page tells us.
The hint tells us that we need to manipulate the response; we can do that either with Burp Suite or directly in the browser.
We got the hidden message in the response, and it gave us the username.
Now we use hydra to brute-force the FTP login, and we get the password for the user "Chris". Next, log in to FTP.
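From the defender's side, the brute-force step above leaves a very recognisable trace: a burst of failed FTP logins from one client, followed by a success. The following is an added example (not part of the original writeup) that parses constructed log lines in the style of a vsftpd log and flags client IPs whose failure count crosses a threshold; the log format, the IP addresses and the threshold of 5 are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a vsftpd log (not from the room).
SAMPLE_FTP_LOG = """\
Tue Oct 29 10:00:01 2019 [pid 1201] [chris] FAIL LOGIN: Client "10.0.0.5"
Tue Oct 29 10:00:01 2019 [pid 1202] [chris] FAIL LOGIN: Client "10.0.0.5"
Tue Oct 29 10:00:02 2019 [pid 1203] [chris] FAIL LOGIN: Client "10.0.0.5"
Tue Oct 29 10:00:02 2019 [pid 1204] [chris] FAIL LOGIN: Client "10.0.0.5"
Tue Oct 29 10:00:03 2019 [pid 1205] [chris] FAIL LOGIN: Client "10.0.0.5"
Tue Oct 29 10:00:03 2019 [pid 1206] [chris] OK LOGIN: Client "10.0.0.5"
Tue Oct 29 10:05:00 2019 [pid 1300] [james] FAIL LOGIN: Client "10.0.0.9"
Tue Oct 29 10:06:00 2019 [pid 1301] [james] OK LOGIN: Client "10.0.0.9"
"""

# Matches the '[user] OK|FAIL LOGIN: Client "ip"' part of each line.
LOGIN_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse_ftp_log(text):
    """Return a list of (ip, user, result) tuples for every login event found."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            events.append((m["ip"], m["user"], m["result"]))
    return events


def find_bruteforce(events, threshold=5):
    """Flag client IPs with at least `threshold` failed logins.

    Each flagged IP maps to its failure count, the usernames tried, and
    whether a successful login followed the burst of failures (the
    signature of a guessed password rather than a mere typo).
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    success_after = defaultdict(bool)
    for ip, user, result in events:
        if result == "FAIL":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] >= threshold:
            success_after[ip] = True
    return {
        ip: {
            "failures": failures[ip],
            "users": sorted(users[ip]),
            "success_after_failures": success_after[ip],
        }
        for ip in failures
        if failures[ip] >= threshold
    }


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_ftp_log(SAMPLE_FTP_LOG)).items():
        print(ip, info)
```

The single failure from the second client is ignored, while the first client is reported with five failures and a following success, which is the pattern worth alerting on.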
We can download the text file and check the information in it, and also download all the image files, since they might contain hidden information.
The first image doesn't have any information in it, so check the second image.
We have some information in the text file.
In the third image we can see some data hidden inside a zip file.
We extracted the image and can see the output folder named _cutie.png.extracted.
Inside the folder we can see another zip file, and now we will unzip it.
The unzip failed because it says the password is wrong. Now we will convert the file to john.txt and brute-force it with the john tool.
Now we have the password for the zip file, and we will try to unzip it again.
We have successfully extracted the file, and we will check the data inside it.
Previously this file contained no data. After we gave the correct password and extracted it, we got some information inside, and it looks like a hash value. Use a hash analyzer to find the hash type: it turns out to be base64.
Decode it!
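What the extraction tool found in the third image is simply bytes appended after the PNG's IEND chunk. The following is an added example, not code from the writeup or from the tool used in it, that walks the PNG chunk list, looks for a ZIP local file header in the trailing bytes, and reads the header's flag bit that marks the entry as password-protected, which is exactly why the unzip above fails. The sample image is constructed in the code (a header-only 1x1 PNG plus a header-only ZIP entry named secret.txt); the file name and layout are assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_SIG = b"PK\x03\x04"


def png_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def zip_local_header(filename, encrypted):
    """Build a ZIP local file header (30 bytes + name) with no data, for the demo."""
    flags = 1 if encrypted else 0  # bit 0 of the general-purpose flag = encrypted
    return struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0, 0, 0, 0,
                       len(filename), 0) + filename


# Constructed sample: a minimal 1x1 PNG (IHDR + IEND, no IDAT) with an
# encrypted ZIP entry appended after the IEND chunk, mimicking the room's image.
SAMPLE_PNG = (PNG_SIG
              + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
              + png_chunk(b"IEND", b""))
SAMPLE_IMAGE = SAMPLE_PNG + zip_local_header(b"secret.txt", encrypted=True)


def png_end_offset(data):
    """Walk the chunk list and return the offset just past IEND, or None."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + payload + CRC
        if ctype == b"IEND":
            return pos
    return None


def find_embedded_zip(data):
    """Report a ZIP local header hidden after the end of a PNG, if any."""
    end = png_end_offset(data)
    if end is None:
        return None
    trailing = data[end:]
    idx = trailing.find(ZIP_LOCAL_SIG)
    if idx < 0 or len(trailing) - idx < 30:
        return None
    off = end + idx
    fields = struct.unpack("<IHHHHHIIIHH", data[off:off + 30])
    name_len = fields[9]
    name = data[off + 30:off + 30 + name_len].decode("ascii", "replace")
    return {
        "png_end": end,
        "zip_offset": off,
        "trailing_bytes": len(trailing),
        "filename": name,
        "encrypted": bool(fields[2] & 1),
    }


if __name__ == "__main__":
    print(find_embedded_zip(SAMPLE_IMAGE))
```

A clean PNG ends exactly at IEND, so any trailing bytes at all are worth a look; checking the ZIP flag bit up front tells you whether a password will be needed before you try to extract anything.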
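The "hash" in the extracted file turns out to be plain base64, which is a common trip-up: a base64 string and a hex digest can look alike at a glance. The following is an added example, not from the writeup, that tells the two apart by character set and length and decodes the base64 case; the digest-length table and the constructed sample strings are assumptions for the demo, not the room's values.

```python
import base64
import binascii
import re

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Common raw-digest lengths in hex characters; used only as a hint.
HEX_DIGEST_LENGTHS = {32: "MD5-length", 40: "SHA-1-length", 64: "SHA-256-length"}


def classify_token(token):
    """Guess what an unknown string is and decode it if it is base64 text.

    Returns a dict: kind is "hex digest", "base64" or "unknown"; decoded
    holds the recovered text for base64, otherwise None.
    """
    token = token.strip()
    # Hex is checked first: a 32-char hex digest is also valid base64 syntax.
    if HEX_RE.match(token) and len(token) in HEX_DIGEST_LENGTHS:
        return {"kind": "hex digest", "hint": HEX_DIGEST_LENGTHS[len(token)],
                "decoded": None}
    if B64_RE.match(token) and len(token) % 4 == 0:
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            text = None
        if text is not None and text.isprintable():
            return {"kind": "base64", "hint": "decodes to printable text",
                    "decoded": text}
    return {"kind": "unknown", "hint": None, "decoded": None}


# Constructed samples (not the room's values).
SAMPLE_B64 = base64.b64encode(b"constructed sample message").decode()
SAMPLE_MD5 = "5d41402abc4b2a76b9719d911017c592"  # MD5("hello"), a well-known test value


if __name__ == "__main__":
    for sample in (SAMPLE_B64, SAMPLE_MD5, "!!not-an-encoding!!"):
        print(sample, "->", classify_token(sample))
```

The printable-text check matters: many random-looking strings decode as base64 without error, so a successful decode alone is not evidence that base64 was the intended encoding.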
Now try to extract the data from the image files; this image contains a message.txt. Check the information inside the file.
Here we got the login password as "hackerrules!", and the message gave the username as "james". Now try to log in with SSH.
We successfully got a shell; now check the user's permissions.
It says "/bin/bash". Now search the internet for an exploit; we found one on Exploit-DB.
Check the sudo version on the system and verify it against the exploit.
Copy the payload from the internet, paste it, and execute it.
We escalated our privileges and got user_flag.txt. Now navigate to the root directory to find the root flag.
This concludes the room; both flags have been captured!