Agent Sudo Writeup

The document is a write-up for the Agent Sudo CTF on TryHackMe, aimed at beginners, where participants must obtain two flags through various tasks involving enumeration, network scanning, and privilege escalation. Key steps included scanning for open ports, brute-forcing FTP credentials, extracting and decoding files, and ultimately escalating privileges to root. The write-up also answers specific questions related to the CTF, providing insights into the techniques used and the knowledge gained during the challenge.

Uploaded by

iioo

CTF Write-Up: Agent Sudo

The following write-up is for the Agent Sudo CTF hosted on TryHackMe; it is a free room aimed at
beginners. The objective of this CTF is to capture two flags while answering several questions
along the way. Acquiring all this information requires knowledge of enumeration, network
scanning, privilege escalation and more. It was a great learning experience, and I had a lot of
fun along the way.

1. Enumeration

First, I ran an Nmap scan to identify open ports, service versions, and any common
vulnerabilities or weaknesses that the default script scan identifies. Here is the Nmap
command that was used:

Scan results:

o 21 (FTP), 22 (SSH), and 80 (HTTP)
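The scan output in the write-up is a screenshot, so to make the result reproducible here is an added example (not part of the original write-up) that parses Nmap's grepable output format (`-oG`) and answers the same two questions a tester asks of it: which ports are open, and which of the open services carry credentials in cleartext. The `.gnmap` text is constructed; the host address `10.0.0.1` and the service banners are placeholders, not the room's real values.

```python
import re

# Constructed nmap grepable (-oG) output; host address and banners are placeholders.
SAMPLE_GNMAP = """# Nmap 7.80 scan initiated as: nmap -sC -sV -oG scan.gnmap 10.0.0.1
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4ubuntu0.3/, 80/open/tcp//http//Apache httpd 2.4.29 ((Ubuntu))/, 443/closed/tcp//https///\tIgnored State: closed (996)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# One -oG port entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")

# Services that send the password over the wire unencrypted.
CLEARTEXT = {"ftp", "telnet", "http"}


def parse_gnmap(text):
    """Return {host: [(port, state, proto, service, banner), ...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field ends at the tab before "Ignored State:".
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entries = []
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, service, banner = m.groups()
            entries.append((int(port), state, proto, service, banner.strip()))
        hosts.setdefault(host, []).extend(entries)
    return hosts


def open_ports(hosts, host):
    """Sorted list of open TCP/UDP ports for one host (question 1 of the room)."""
    return sorted(p for p, state, *_ in hosts.get(host, []) if state == "open")


def cleartext_services(hosts, host):
    """Open services whose logins travel in cleartext; an exposed FTP daemon is
    what makes the password guessing later in the write-up possible."""
    return [(p, s) for p, state, _, s, _ in hosts.get(host, [])
            if state == "open" and s in CLEARTEXT]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    print("open ports:", open_ports(scan, "10.0.0.1"))
    print("cleartext services:", cleartext_services(scan, "10.0.0.1"))
```

The same parser works on a real `-oG` file; only the sample text is made up.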

2. Investigating Port 80

Accessing the web server revealed an HTML page indicating that agents should use their
codenames as the User-Agent to access the site. Using curl's ‘-A’ option, we can spoof the
User-Agent.
Seeing as the page says it is from agent R, we can assume agents are assigned a letter of the
alphabet, so let’s try each letter until we find something interesting:

We get something like the response shown in the image above; however, when we use ‘C’ as the
User-Agent, we get:

3. Brute Forcing FTP

The response hinted that ‘chris’ might be a username, so I decided to brute-force the FTP
password using Hydra:

And boom, we have found a password:

Let’s now login to FTP using these credentials (chris:crystal):
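From the defender's side, the Hydra run above leaves a very recognisable trace: a burst of failed logins for one account from one client, followed by a success. As an added example (not part of the original write-up) here is a small detector for vsftpd's native log format that flags exactly that pattern. The log lines are constructed, the client addresses `10.0.0.5` and `10.0.0.9` are placeholders, and the threshold (5 failures within 60 seconds) is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vsftpd.log lines (vsftpd's own format, not xferlog); addresses are placeholders.
SAMPLE_VSFTPD_LOG = """\
Mon Oct 14 09:05:20 2019 [pid 2101] CONNECT: Client "10.0.0.5"
Mon Oct 14 09:05:21 2019 [pid 2100] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:21 2019 [pid 2102] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:22 2019 [pid 2104] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:22 2019 [pid 2106] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:23 2019 [pid 2108] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:23 2019 [pid 2110] [chris] FAIL LOGIN: Client "10.0.0.5"
Mon Oct 14 09:05:24 2019 [pid 2112] [chris] OK LOGIN: Client "10.0.0.5"
Mon Oct 14 11:30:00 2019 [pid 2200] [chris] FAIL LOGIN: Client "10.0.0.9"
Mon Oct 14 11:31:05 2019 [pid 2202] [chris] OK LOGIN: Client "10.0.0.9"
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] "
    r"(?:\[(?P<user>[^\]]+)\] )?(?P<event>FAIL LOGIN|OK LOGIN|CONNECT): Client \"(?P<client>[^\"]+)\""
)


def parse_line(line):
    """Return (timestamp, user, event, client) or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("user"), m.group("event"), m.group("client")


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return [(client, max_failures_in_window, success_followed)] for every client
    that produced >= threshold FAIL LOGIN events inside a sliding time window."""
    recent_fails = defaultdict(list)   # client -> failure timestamps inside the window
    flagged = {}                       # client -> [peak failure count, later OK LOGIN?]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, _user, event, client = rec
        if event == "FAIL LOGIN":
            q = recent_fails[client]
            q.append(ts)
            while q and ts - q[0] > window:      # drop failures older than the window
                q.pop(0)
            if len(q) >= threshold:
                entry = flagged.setdefault(client, [0, False])
                entry[0] = max(entry[0], len(q))
        elif event == "OK LOGIN" and client in flagged:
            # A success right after a burst of failures is the signature of a guessed password.
            flagged[client][1] = True
    return [(c, n, ok) for c, (n, ok) in flagged.items()]


if __name__ == "__main__":
    for client, n, ok in detect_bruteforce(SAMPLE_VSFTPD_LOG):
        print(f"{client}: {n} failures in window, success afterwards: {ok}")
```

The one-off failure from `10.0.0.9` followed by a success a minute later is a typo, not an attack, and stays below the threshold; the burst from `10.0.0.5` is flagged with `success_followed=True`, which is the case worth paging on.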


4. Steganography and Zip Cracking

There are 3 files located in the FTP share:

Let’s download them and investigate the files locally:

The txt file contains:

This likely hints at the use of steganography, which we will explore soon. If we run binwalk on
the other two files, we find something interesting:
The cutie.png file actually contains a Zip archive, so let’s extract it using binwalk -e:

We can use zip2john and then john to crack the password hash for the zip file:

We have successfully found a password, so let’s extract the archive:

The zip archive contained a text file; opening it presents you with a string:
This is a weird string; it appears to be base64, so let’s decode it using base64 -d:
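What binwalk did to cutie.png is a signature scan: it looks for known magic bytes at every offset and reports a Zip local-file header sitting after the PNG data. The added example below (my own code, not from the write-up or from binwalk) builds a PNG-shaped blob with a zip archive appended, finds the signatures, carves the archive out, and base64-decodes the text file inside it, covering the binwalk and base64 steps of this section in one run. The file name `note.txt`, the PNG chunk bytes and the encoded message are all constructed; the real archive was password-protected, which the example does not reproduce.

```python
import base64
import io
import zipfile

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_SIG = b"PK\x03\x04"
SIGNATURES = {"PNG image": PNG_SIG, "Zip archive (local file header)": ZIP_LOCAL_SIG}


def build_sample():
    """Construct a PNG-looking blob with a zip archive appended after IEND,
    the same layout binwalk reported for cutie.png. Entirely made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        encoded = base64.b64encode(b"constructed secret message").decode()
        zf.writestr("note.txt", encoded + "\n")
    # Minimal fake PNG: signature, a zero-filled IHDR chunk, then an IEND chunk.
    png_like = (PNG_SIG
                + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
                + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    return png_like + buf.getvalue()


def find_signatures(blob):
    """Report (offset, description) for every occurrence of a known magic value."""
    hits = []
    for name, magic in SIGNATURES.items():
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx == -1:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def carve_zip(blob):
    """Return everything from the first Zip local-file header onwards."""
    idx = blob.find(ZIP_LOCAL_SIG)
    if idx == -1:
        raise ValueError("no zip signature found")
    return blob[idx:]


def extract_and_decode(zip_bytes):
    """List the archive members and base64-decode the first one's contents."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        text = zf.read(names[0]).decode().strip()
    # validate=True rejects anything that is not clean base64 instead of guessing.
    return names, base64.b64decode(text, validate=True)


if __name__ == "__main__":
    blob = build_sample()
    for offset, desc in find_signatures(blob):
        print(f"{offset:>6}  {desc}")
    names, decoded = extract_and_decode(carve_zip(blob))
    print(names, decoded)
```

Note that `zipfile` would also open the original blob directly, because Zip readers locate the archive from its end-of-central-directory record; carving from the signature is still the right habit, since it is what tells you a second file is hiding in the first.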

5. Exploring Image using Steghide

Next, steghide was used to reveal an embedded message inside the ‘cute-alien’ image:

This tells us that message.txt is embedded into the image file, so let’s extract it using the same
tool:

6. SSH Login

The message extracted from the image gives us a password for james, so why don’t we try
these credentials (james:hackerrules!) over SSH:

It worked:

Let’s also download the image file and investigate it:

Let’s do a reverse image search using Google:

7. Privilege Escalation

The goal now is to escalate to root:

If we search for this command followed by ‘exploit’, we can find a working exploit on Exploit-DB:

Let’s download this exploit and use scp to send it over to the SSH server:
You can see the file is now in james’ home directory:

Let’s now run the exploit; you simply need to enter your current username:

We can see that the exploit worked, and we now have root privileges. Let’s find the root flag:
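The escalation here is CVE-2019-14287 (answer 11 below): in sudo before 1.8.28, a rule such as `(ALL, !root)` that lets a user run a command as anyone except root can be bypassed by asking for user id -1 (or 4294967295), which sudo mapped to uid 0. Two things a defender wants from that: a check of sudoers for rules with that shape, and a detection for the tell-tale `USER=#-1` in sudo's log line. The added example below (my own code, not the write-up's) does both over constructed input; the sudoers lines and auth.log lines are made up, the host name `agent-sudo` is a placeholder, and only the user name james comes from the write-up.

```python
import re

# Constructed sudoers lines; the (ALL, !root) rule for james is the vulnerable shape.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
james   ALL=(ALL, !root) /bin/bash
alice   ALL=(www-data) /usr/bin/php
"""

# Constructed auth.log lines in sudo's logging format; host and TTY are placeholders.
SAMPLE_AUTH_LOG = """\
Oct 14 12:00:01 agent-sudo sudo:    james : TTY=pts/0 ; PWD=/home/james ; USER=root ; COMMAND=/bin/bash
Oct 14 12:00:02 agent-sudo sudo:    james : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/james ; USER=root ; COMMAND=/bin/bash
Oct 14 12:00:10 agent-sudo sudo:    james : TTY=pts/0 ; PWD=/home/james ; USER=#-1 ; COMMAND=/bin/bash
Oct 14 12:05:00 agent-sudo sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=www-data ; COMMAND=/usr/bin/php
"""

# "<user> <hosts>=(<runas users>[:<runas groups>]) <commands>"
RUNAS_RE = re.compile(r"^(?P<user>\S+)\s+\S+=\((?P<runas>[^)]*)\)")

# sudo's log line: "sudo: <user> : [<error> ;] TTY=.. ; PWD=.. ; USER=<target> ; COMMAND=<cmd>"
LOG_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<err>[^;]+) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Numeric targets that sudo < 1.8.28 resolved to uid 0 (CVE-2019-14287).
BYPASS_IDS = {"#-1", "#4294967295"}


def vulnerable_sudoers_entries(text):
    """Return (user, runas) for rules whose Runas user list is ALL minus an
    exclusion, e.g. '(ALL, !root)'. With sudo < 1.8.28 the exclusion is bypassable;
    with any version it is a fragile way to express 'not root'."""
    found = []
    for line in text.splitlines():
        m = RUNAS_RE.match(line)
        if not m:
            continue
        runas = m.group("runas")
        runas_users = runas.split(":")[0]            # ignore the optional group spec
        items = [x.strip() for x in runas_users.split(",")]
        if "ALL" in items and any(x.startswith("!") for x in items):
            found.append((m.group("user"), runas))
    return found


def suspicious_sudo_events(text):
    """Return (user, target, command) for log lines where sudo was asked to run
    as uid -1 / 4294967295; the request is logged whether or not it succeeded."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("target") in BYPASS_IDS:
            hits.append((m.group("user"), m.group("target"), m.group("cmd")))
    return hits


if __name__ == "__main__":
    print("rules to fix:", vulnerable_sudoers_entries(SAMPLE_SUDOERS))
    print("bypass attempts:", suspicious_sudo_events(SAMPLE_AUTH_LOG))
```

Upgrading sudo to 1.8.28 or later removes the bypass; rewriting the rule to name the intended accounts explicitly instead of `ALL` with an exclusion removes the need to rely on the fix.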

Questions Answered:

1. How many open ports?
o 3
2. How you redirect yourself to a secret page?
o user-agent
3. What is the agent name?
o chris
4. FTP password
o crystal
5. Zip file password
o alien
6. Steg password
o Area51
7. Who is the other agent (in full name)?
o james
8. SSH password
o hackerrules!
9. What is the user flag?
o b03d975e8c92a7c04146cfa7a5a313c7
10. What is the incident of the photo called?
o Roswell alien autopsy
11. CVE number for the escalation
o CVE-2019-14287
12. What is the root flag?
o b53a02f55b57d4439e3341834d70c062
13. Who is Agent R?
o DesKel

This CTF was a great exercise to test my basic penetration testing skills. I hope this write-up
proves useful for those looking to understand the process. Feel free to reach out to me if you
need help with this CTF or have any feedback. Happy hacking!
