Agent Sudo CTF – Try Hack Me

This is considered an easy box from TryHackMe made by Deskel. Let’s kick it off by running a port scan.

Scanning and enumerating

Nmap Scan

Accessing the website, we see an announcement for the agents.

Message to agents

So, after trying to change the user agent in Firefox, I came across some issues. Contacting the box creator, he told me there was a problem with Firefox. Therefore, I used Chromium and installed the User Agent Switcher plugin. I started to change the user agent to A, then B, and when I changed it to C, this popped up.

User agent “C”

Hmm… ok. Now I have a username (chris), and I also get to know that he uses a weak password. The first thing to do was to attack FTP by bruteforcing it as follows.

Bruteforcing FTP

I logged into the FTP server and retrieved the found files (don’t forget to use passive mode).

FTP files

By viewing the content designated for agent J, I find out that there are files inside the images (steganography).

For agent J

Initial Access

I ran steghide and exiftool against the images and nothing came up. But when I tried binwalk, I found a zip file inside one of the images.

Binwalk

I use zip2john, and then john to crack the zip file hash.

Zip2john

After cracking the zip file, I extract the content and view the file for agent R.

To agent R

I decoded the base64 string and extracted the file from the other image.

Second file content extraction

Let’s log in over SSH with james:hackerrules!.

SSH login

Privilege Escalation

By enumerating the box a little bit, I found that I have a sudo right for using bash.

Sudo right

I also knew about a sudo vulnerability which might work, so I gave it a try and successfully got a root shell.

Getting root

And that was it. Pretty easy, you’d just need some patience.