AgentSudoCTF of TryHackMe
Build Up:
Welcome to another THM exclusive CTF room. Your task is simple, capture the flags just like the other CTF room. Have Fun!
If you are stuck inside the black hole, post on the forum or ask in the TryHackMe discord.
Solution:
- nmap scan here
Ports:
21 => vsftpd 3.0.3
22 => ssh
80 => http
- Logged into the FTP server with the password and got 3 files: 1, 2 and 3.
- From the text it was clear that one of the images contained a message.
- Used steganographic tools but failed; at last used `binwalk` to find out that there was a zip file and it had a password.
- Used zip2john to get the key stored as hash and cracked it using john.
- Opened the zip file to find `QXJlYTUx`; it was a base64 text, decoded it to find `Area51`.
- Used the code to extract the steg-message in this picture and found that agent J is `james` and his password is `hackerrules!`.
- ssh into the server using the creds of `james` and found that they could run `(ALL, !root) /usr/bin/bash` as sudo.
- Searched for the above on the web and found it to be a vuln, which can be exploited using `sudo -u#-1 /bin/bash` to get the privilege escalated to root.
- Got privileges as root and completed the machine.
- Also, there’s a challenge for reverse image searching, which can be done online; searching the keyword leads to the exact incident and keyword which the room wants.
~ Machine Completed ~
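
The sudoers entry found on this box, `(ALL, !root)`, grants every run-as target and then tries to subtract root, which is the pattern the `sudo -u#-1` issue defeats. As an added example (not part of the original writeup), this Python script audits sudoers text for rules of that shape; the sample file and the `audit_sudoers` name are constructed for illustration, and only single-line user specifications are handled.

```python
import re

# Matches a single-line sudoers user specification:
#   who  host = (runas_users[:runas_groups])  [TAG:] command
SPEC_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmd>.+)$"
)

def audit_sudoers(text):
    """Return (line_no, who, runas_users, command) for each rule whose Runas
    user list contains ALL together with a '!' exclusion such as !root."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, whole-line comments and Defaults settings.
        # ('#' is not stripped mid-line because '#0' is a valid uid form.)
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        match = SPEC_RE.match(line)
        if not match:
            continue
        # Runas is "users[:groups]"; only the user part matters here.
        users_part = match.group("runas").split(":", 1)[0]
        users = [u.strip() for u in users_part.split(",") if u.strip()]
        has_all = "ALL" in users
        has_exclusion = any(u.startswith("!") for u in users)
        if has_all and has_exclusion:
            findings.append((line_no, match.group("who"), users, match.group("cmd")))
    return findings

# Constructed sample sudoers content; the james rule mirrors the one in the writeup.
SAMPLE = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
james   ALL=(ALL, !root) /usr/bin/bash
backup  ALL=(backup) /usr/bin/rsync
ops     ALL = (ALL, !#0 : adm) NOPASSWD: /usr/bin/systemctl
"""

if __name__ == "__main__":
    for line_no, who, users, cmd in audit_sudoers(SAMPLE):
        print(f"line {line_no}: {who} may run {cmd!r} as {users} (ALL with exclusion)")
```

Rules it reports are better rewritten with an explicit list of allowed run-as users rather than ALL minus exclusions.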