Agent Sudo

sumesh kumar sudarshan kumar
6 min read · Jun 18, 2021

You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

This is the write-up for the room Agent Sudo on TryHackMe, and it is part of our cybersecurity training from HackerU.

First, we have to connect through the VPN or use the AttackBox on the TryHackMe site to reach the TryHackMe lab environment.

Task 1:

First, deploy the machine; after that we get the target system's IP.

Target IP

Once the machine has booted, we move on to our next task.

Task 2:

In this task, we have 3 questions to answer.

The first is to find how many ports are open. For this we will run Nmap, but before that we check that the target system responds to ping.

ping check

Now we are set to run an Nmap scan to find the open ports.

nmap -sS -sV -A 10.10.110.184

-sS (TCP SYN scan)

-sV (Version detection)

-A (Aggressive scan options)

Nmap scan

We found that 3 ports are open: port 21, port 22 and port 80.

As port 80 is open, we will check the web page for any information.

Webpage

As we can see, the page gives a hint that we have to use our own codename as the user-agent.

The hint given in THM is to use the user-agent C.

To change the user-agent I will show three methods; use whichever one you are comfortable with.

First method:

We will use curl to change the user-agent. The details of the command can be found in a curl cheatsheet, the man page or the help output.

curl cheatsheet

As seen in the cheatsheet, we have to use -L and -A in the command (-A sets the User-Agent header and -L follows redirects).

curl -A "C" -L http://10.10.110.184/

curl command

From this we got some information: the agent's name is Chris, and the message says that his password is weak.

Second method:

The hint suggests using a user-agent switcher, so we will use this browser extension to change the user-agent.

user-agent switcher

As highlighted, we replace the user-agent there, apply it and refresh the tab.

changed user-agent

We are redirected to the secret page as shown.

Third method:

Using Burp Suite, we will intercept the connection and change the user-agent.

Burp intercept

As seen, we intercepted the request to the website and can see the User-Agent field. Now we will change it.

Changing agent value

We can change the user-agent directly in the request, or go to the Inspector option and change it there as shown above.

In all three methods we are redirected to the secret page and get the message hint.
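All three methods work because the User-Agent header is chosen by the client, so it cannot act as an access control. From the server owner's side, this added example (not part of the original write-up) flags clients in a web access log that try several User-Agent values and get redirected on one of them; the combined log format, the redirect status codes and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# "combined" access-log format: ip, identity, user, [time], "request",
# status, size, "referer", "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def user_agent_probes(lines, min_agents=3):
    """Return {client_ip: {"agents": [...], "redirected_as": [...]}} for clients
    that sent at least min_agents distinct User-Agent values."""
    agents = defaultdict(set)
    redirected = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        ip, status, agent = m.groups()
        agents[ip].add(agent)
        if status in ("301", "302"):
            redirected[ip].add(agent)  # this User-Agent value changed the response
    return {
        ip: {"agents": sorted(seen), "redirected_as": sorted(redirected[ip])}
        for ip, seen in agents.items()
        if len(seen) >= min_agents
    }

# Constructed sample log lines (addresses, times and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jun/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 218 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.44 - - [18/Jun/2021:10:00:07 +0000] "GET / HTTP/1.1" 200 218 "-" "A"',
    '192.0.2.44 - - [18/Jun/2021:10:00:08 +0000] "GET / HTTP/1.1" 200 218 "-" "B"',
    '192.0.2.44 - - [18/Jun/2021:10:00:09 +0000] "GET / HTTP/1.1" 302 0 "-" "C"',
]

if __name__ == "__main__":
    for ip, info in user_agent_probes(SAMPLE_LOG).items():
        print(ip, info)
```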

We got answers to all three questions of Task 2.

Task 2

Now we will move to our next task.

Task 3:

We learned that user Chris has a weak password, so we will try to crack the FTP password for this user using hydra.

hydra -l chris -P /usr/share/wordlists/rockyou.txt ftp://10.10.110.184

Hydra to crack password

We were successful in cracking the password for user chris.

User:- chris

Password:- crystal

Now we will try to log in to FTP using these credentials.

FTP login

We logged in as user chris and found 3 files. We will download all three files to our system to check what more information we can get.

File downloaded
Text file content

As seen above, all files are downloaded and saved on our system. Looking at the content of the text file, which is written to Agent J, we find that there is a message hidden in the alien photo file which contains a user password.

We will try to extract the hidden data from that picture using steghide. But steghide asks for a passphrase, so we first have to crack the passphrase of the image using stegcracker.

stegcracker cute-alien.jpg

We got the passphrase Area51. With the passphrase, we will extract the hidden data from the jpg file.

steghide extract -sf cute-alien.jpg

steghide extracted the hidden data from the jpg file and stored it in the “message.txt” file. We will view the extracted file.

We found the user as “James” & the password is “hackerrules!”.

SSH password

We have to get the password of the zip file. For this we first have to extract the contents of cutie.png using binwalk.

binwalk -e cutie.png

binwalk

There is a zip file, so we look for its content. Check the extracted directory: inside it we can see the zip file.

We will convert the .zip file to a txt file using john's zip2john (provided as a hint).

zip2john 8702.zip >zip

zip2john

We will check the content of the converted text file. Since the text file contains a hash, we will crack it using John the Ripper.

john zip

We found that the zip file password is alien.

john password crack

We got answers to all 5 questions of Task 3.

Task 3

Now we move on to our next task, Task 4.

Task 4:

In this task, we have to get a user flag.

For this, we will log in to SSH using the credentials we got.

SSH login
user.txt content

As seen, we got the user flag. There is another file, a JPG file; we will check its details on Google to answer the question.

File instance

We got answers to both questions of Task 4.

Task 4

Now we move on to our next and final task, Task 5.

Task 5:

We have to capture the root flag in this task. For this we first check whether this user has sudo permission to run any application.

sudo -l

sudo permission check

We found that the user can run /bin/bash all as root. We will check the CVE details of this vulnerability in Exploit DB.

CVE details.

On checking this vulnerability, we found a command to get root access (privilege escalation).

The command for privilege escalation.

We will use this command for privilege escalation and get root access.

sudo -u#-1 /bin/bash

root text

We were able to get root access and got the root flag. We got answers to all our questions in Task 5.
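For defenders, the `-u#-1` form used above leaves two things to look for: a sudoers rule whose Runas list grants ALL while excluding names with `!`, and sudo log entries run as the numeric ID -1 or 4294967295. This added example (not from the original write-up) checks for both; the sudoers text, the log line layout and the host name are constructed assumptions.

```python
import re

# sudoers user specification with a Runas list: user host = (runas) command
SPEC = re.compile(r'^(\S+)\s+\S+\s*=\s*\(([^)]*)\)\s*(.+)$')
# Affected sudo versions pass uid -1 (or its unsigned value 4294967295) to the
# setuid calls, which treat it as "leave unchanged", so the command keeps uid 0.
BAD_UID = re.compile(r'sudo:\s+(\S+)\s+:.*\bUSER=#?(-1|4294967295)\b.*\bCOMMAND=(.+)$')

def risky_runas(sudoers_text):
    """Return (user, command) for rules whose Runas user list has ALL plus a '!' exclusion."""
    hits = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and include directives are not examined here
        m = SPEC.match(line)
        if not m:
            continue
        user, runas, command = m.groups()
        runas_users = [u.strip() for u in runas.split(":")[0].split(",")]
        if "ALL" in runas_users and any(u.startswith("!") for u in runas_users):
            hits.append((user, command.strip()))
    return hits

def numeric_uid_runs(log_lines):
    """Return (invoking_user, run_as_id, command) for sudo runs as uid -1 / 4294967295."""
    hits = []
    for line in log_lines:
        m = BAD_UID.search(line)
        if m:
            hits.append((m.group(1), m.group(2), m.group(3).strip()))
    return hits

# Constructed sample policy and log lines.
SUDOERS = "# constructed sample\nroot ALL=(ALL:ALL) ALL\njames ALL=(ALL, !root) /bin/bash\n"
SUDO_LOG = [
    "Jun 18 10:02:11 host sudo:    james : TTY=pts/0 ; PWD=/home/james ; USER=#-1 ; COMMAND=/bin/bash",
    "Jun 18 10:05:40 host sudo:    james : TTY=pts/0 ; PWD=/home/james ; USER=www-data ; COMMAND=/bin/bash",
]

if __name__ == "__main__":
    print(risky_runas(SUDOERS), numeric_uid_runs(SUDO_LOG))
```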

Task 5

Thus we were successfully able to crack the box, escalate privileges, get root access and capture the flags.
