TryHackMe: Agent Sudo

This is a great box for beginners, available on TryHackMe. It is a bit puzzle-y, but it covers all the basic skills: scanning, password cracking, stego.

This is an older writeup, so the format is very messed up.

Scanning:

Initial scan to find the machine on the network

Full scan to get details about running services

Web:

Enumerate the server:

Check index.php

Create request for each possible codename as User-Agent:

Loop through the alphabet sending a request for each letter:

In curl_out.txt:

FTP:

Trying to get the password for chris for ftp:

Logging into FTP for user chris:

Download all the files:

Downloaded files:

  • To_agentJ.txt

  • cute-alien.jpg

  • cutie.png

Checking To_agentJ.txt:

Stego:

Checking the two /assets/images for hidden files or text:

Retrieving hidden files from cutie.png using binwalk:

Using zip2john to get the hash for the encrypted archive:

Cracking the hash for the encrypted archive:

Viewing the contents of the archive:

Cracking the steghide password for the other image:

The extracted file:

User:

Login to SSH:

User Flag:

Root:

Copy the image Alien_autospy.jpg to local machine:

(BONUS) Found the source of the image using TinEye:

TinEye -> Fox News -> Roswell alien autopsy

Checking if james can run anything with elevated privileges using sudo -l:

sudo priv esc:

This version of sudo is vulnerable to CVE-2019-14287, listed on Exploit-DB as "sudo 1.8.27 - Security Bypass" (https://www.exploit-db.com/exploits/47502).

Command:

sudo -u \#$((0xffffffff)) /bin/bash
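
A defender-side check for the same condition, as an added example that is not part of the original writeup: it reads the text of `sudo -V` and `sudo -l` and reports Runas rules that list ALL together with !root on a sudo older than 1.8.28, the upstream release that fixed CVE-2019-14287. The sample outputs, the hostname in them, and the function names are constructed for illustration.

```python
import re

FIXED = (1, 8, 28)  # first upstream sudo release with the CVE-2019-14287 fix

# Constructed sample outputs (not taken from the writeup); "host" is a placeholder.
SAMPLE_V = "Sudo version 1.8.27\nSudoers policy plugin version 1.8.27\n"
SAMPLE_L = """User james may run the following commands on host:
    (ALL, !root) /bin/bash
    (root) NOPASSWD: /usr/bin/id
"""

def parse_version(sudo_v_output):
    """Extract (major, minor, patch) from the output of `sudo -V`."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", sudo_v_output)
    if not m:
        raise ValueError("no sudo version found")
    return tuple(int(x) for x in m.groups())

def risky_rules(sudo_l_output):
    """Return (runas, command) pairs whose Runas user list contains ALL
    together with a negated root entry. On affected versions the user ID
    4294967295 (0xffffffff, i.e. -1) is treated as 0, so !root is not enforced."""
    hits = []
    for line in sudo_l_output.splitlines():
        # "(runas) [TAG: ...] command", as printed by `sudo -l`
        m = re.match(r"\s*\(([^)]*)\)\s*(?:[A-Z_]+:\s*)*(.+)", line)
        if not m:
            continue
        # Keep only the user part of "users : groups"
        users = [u.strip() for u in m.group(1).split(":")[0].split(",")]
        negates_root = any(u in ("!root", "!#0") for u in users)
        if "ALL" in users and negates_root:
            hits.append((m.group(1).strip(), m.group(2).strip()))
    return hits

def audit(sudo_v_output, sudo_l_output):
    """Risky rules matter only when the installed sudo predates the fix."""
    if parse_version(sudo_v_output) >= FIXED:
        return []
    return risky_rules(sudo_l_output)

if __name__ == "__main__":
    for runas, cmd in audit(SAMPLE_V, SAMPLE_L):
        print(f"bypassable Runas restriction: ({runas}) {cmd}")
```

Distribution packages may carry a backported fix under an older version string, so treat the version comparison as a first pass and confirm against the vendor's advisory.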

Running the command:

Root Flag:

Fin.