Agent Sudo : Tryhackme Walkthrough

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] yo what's going on guys welcome back today we are doing another try hackme walkthrough agent pseudo now it feels like it's been forever since I've done a try happing walkthrough so hit that like button hit that sub button I also have started doing um news updates for cyber security um at the end of each week I'm going to start doing those so hopefully you guys like the content if you do hit that like button hit that sub button is the only way that I can keep progressing and we're almost to 15,000 Subs so thank you so much let's get right into it all right so author note um welcome to another blah blah blah blah BL blah don't care all right so let's enumerate it so first things first let's go ahead and get this baby spun up now I am going to view this in full screen so you guys don't have to sit here here and then I should be able to minimize that there we go so it's going to ask us how many open ports how do you how you redirect yourself to a secret page and then what is the agent name so first things first let's just take a little quick action in map the IP was I didn't even look at the IP 101060 153 101060 153 all right now let's go ahead and look pretty easy FTP SSH HTTP okay so first things first I'm just going to and I say that a lot I realize so I apologize on that um let's go ahead and open I'm G to try not to say it so much is my point let's go ahead and open this and go to the website if I if it a load we got it we got it okay HTTP 10 10 what I say 60 153 is that right that' be sweet if I got that right 60 153 let's go I got it we hit enter okay dear agents use your own code name as a user agent okay so right off the bat we've got a couple answers we got how many ports are open three how do you how you redirect yourself to a secret page user agent um which it told us so okay right off the bat we're getting some pretty good information so let's go ahead and turn on now I want to make sure you guys can see this let's go ahead and right here on the right you see right there there's foxy proxy on this I can get out of the way and I'm going to turn it on to burp so I want to use burp Suite so now we're going to go ahead and open burp Suite under web burp suite and one thing to take away is right away it's telling us you need to use your code name as the user agent so we don't know code names yet but looking at it it's pretty safe bet that has something to do with the alphabet because there's an agent R so agent R is obviously going to be our first code name attempt right because we see that there's an agent R and it's telling us to use our code name so we're going to try and take his and see if we can get into his maybe hopefully let's see if we can actually get into into his uh account so we'll say later we're not going to update it right now we're going to say burp settings everything's good we should go to proxy now we'll hit refresh when we go to refresh we'll see that in here so you can see that it's in here and it's going to 10 1060 153 so we're going to go ahead and send this over to repeater and now that's over in repeater all we have to do is change this user agent we'll get rid of the Firefox and all that and we'll change it to R let's see what we get when we hit R oh it says says what are you doing are you one of the 25 employees if not I'm going to report this incident and then you get the same thing dear agent use your own code name well that tells us we got something different which tells me that something's going on um but one thing I take away right off the bat is I know that there's 26 numbers in the alphabet and there's 25 employees well we know R is not one of them so it makes sense to me that there letters in the alphabet because 25 employees plus agent R is 26 letters so let's just go with a okay didn't get anything different looks like we just got um code use your own code name again we go B and yes I know you can automate this um but I also know that it is right here we said c and it may look like nothing happened but if you look it says follow redirection so we actually have a redirection so and you can see the agent C attention. PHP is the location so we follow that redirection and look at this we got a redirection so it says do you still remember our deal but it says at first attention Chris so right off the bat there's an answer to another one of our questions what is the agent name so let's go to the next ones and it says attention Chris do you still remember our deal please tell Agent J so we already have another user the stuff ASAP also change your godamn password is weak so pretty quickly we can assume that we're going to brute Force's password right um it's pretty easy to tell he has a weak password so right off the bat I'm just going to go ahead and say we're going to probably use Hydra now we could try this on the SSH but I have a sneaking suspicion based on here that we're grabbing files and the next question says FTP password that we need to um Brute Force the FTP password so we're going to say Hydra and we're going to say Tac L for for login and we're going to say Chris because we know it's that was his name and then we say Tech or capital P for password and we're going to use user share wordless whoops wordless and that word list we're going to use is Rock you okay and then we're going to say FTP and it is 10 10603 so we should be able to hit enter here watch it go and watch it attack and what this is doing is it's using that Rocky wordless and it's actually going to go run through each one and try it as a password on the FTP server which is file transfer protocol as we know so therefore we're actually going to tr keep trying the Brute Force the password um I I apologize it's not brute forcing it's a dictionary attack um it's commonly mistakenly called Brute forcing and in here I believe they call it brute forcing right there which it's not so keep that in mind but as this goes through we should see here shortly the actual password come through and then we can answer that question now one thing I'm going to do because I know we don't have to use burp anymore I'm going to turn this off so it stops loading and sending the information to burp and then we'll come back here and we'll just wait and you can see it's trying all these tries per task which is fine and we're going to just wait it's going to sit here and it's going to run and there you go look at that Chris and Crystal now it's going to keep going I'm going to stop it because I don't want it to keep going um but the password is Crystal and that was the next question Crystal okay well you notice it says zip file password so we know we have to do something with a zip file but first we have to get into the server right so FTP 10 10 my finger went off the key 60 153 it's going to ask us for a name we say Chris and the password is Crystal boom we're in okay so now it says to agent j. txt so we know we already knew about Agent J we saw it in one of the other messages so it's not something crazy but let's take a look at it we're going to say get to agent j. txt and usually I would grab them all but I just want to see what this is first so we'll go Ahad and open a tab and we'll say cat to Agent J dear Agent J all these alien-like photos are fake okay agent R stored the real picture inside your directory well we see here there's cue and there's an alien there so we know that your login password is somehow stored in the fake picture it shouldn't be a problem for you well that should be easy because this is the alien picture so we're looking at this cue picture so we'll just say get cue. PNG we need to get that picture and now let's go ahead and Cat that picture right it's cue. PNG let's just see what it is oh God I'm never going to be able to read all of that but there is one thing to look at here right here two Agent J agent R I'm sorry. txt so that tells me that there's a text file hidden in here somewhere so we'll clear that out and we're going to use binwalk binwalk just goes through and tells us what files are in here and we're going to say binwalk and we're going to say q.png it's going to actually walk the binary and tell us and you can see look at that there is a zip archive in here so all we got to do now is binwalk Tac e for um extract q.png and look at this it will actually extract them so it did extract ract them so we'll clear that out and you can see there's the regular initial QD PNG and then you can see here's the QD PNG extracted so we say CD QD PNG extracted LS and there's a zip file crap that's what they told us we will need a password for well let's see if that two agent okay two agent R is empty my guess is the zip file once we actually extract it will write to that agent r hopefully um so let's go ahead and look and we can see it's a zip file we could actually go ahead and unzip it but I'll tell you I it'll ask for a password we don't have it so we're going to say zip to John if you've never used this it's just going to convert it to um a file that we can actually use with John the Ripper so zip to John 8702 dzip and we're just going to name it whatever you want I'm just going to name it name. txt okay now we can just say John for John the Ripper and we can just say name. txt and you can see it's going to run and it's going to sit here and try and figure out the password now how does it do this similar to what we did before but it's going to use its own word list see it it uses op John password. list so the password is alien okay really cool we found the password so now we just have to actually extract the um alien password right so that shouldn't be hard for us that should be pretty easy so all we have to do go through and say seven zip we want to actually pull this out so we're just G to say seven zip e for extract 8702 and you're going to see yes we want to overwrite and it's going to ask us for the password well the password we know was alien hit enter looked like it worked everything is okay so now we say LS and we can actually grab that two agent R and look at that agent C that's us we need to send the picture to as soon as possible well pretty quickly I can tell that's probably base 64 encoded so all we have to do is say Echo and then say base 64 Tac D for decode and look at that area 51 one interesting so let's see what answers we have well we have the zip file password that was alien and then we have the steg password which is steganography what we which is what we just did which is Area 51 perfect so now we actually have a little bit of information so it says if we actually put the whole message together agent C we need to send the picture to Area 51 as soon as possible which that's actually a hint for later and you'll see why so we have the password for stag hiide so we can just say St hiide and we actually got to download the alien photo because that's the only photo left right because it said they told us they stored the password for the alien photo in the fake alien photo so we say get cute alien. jpeg so we know that they stored the password for it we have the password right so now we can say St and then extract T SF and then cute alien and then J uh hopefully that worked it started overwriting itself hold on see that's what I was worried about all right there we go Stag hiide and then extract and then SF cute alien. jpg okay Enter the the pass phrase well Area 51 o I didn't get it right what did I do let's look at Area 51 was it capital or not because I capitalized it um let's see Area 51 it was Capital maybe I messed up uh Area 51 okay that didn't work could not open the file let's see let's look at it maybe because it's not even in the right directory that's probably why that would ma that math checks out so pretty quickly I can tell I messed up go back stay hide there it is I was in the wrong directory that's all passphrase Area 51 wrote extracted data to message. text so let's look at message. text we cat message. text hi James okay so we know Agent J name now which I don't know if it asked for that um it does who is the other agent James glad you found this message your login password is hacker rules pretty easy don't ask me why the password looks cheesy ask agent R who set this password so right off the bat I know it's probably an our ssh in right so we're going to say James at 101 what else was it 101 6153 and then the password is hacker rules and boom we're in that was pretty easy so now we're in so now we say LS there's our user flag cat user flag boom take that flag submit it oops there's his password by the way hacker rules exclamation point here's the F the flag now it says what is the the incident of the photo called now we have to open that photo that's the key so we'll say Python 3 tacm HTTP do server this actually starts a simple server that we can actually just go to in our web browser so we can actually go here and say 8,000 because that's what port it's on and here is our alien autopsy photo look at that now you could probably guess this because it says we got to send it to Area 51 it's an alien and you could probably guess what it is but what you can do is you can actually save this image or copy the image right then you can go to images.google.com uh reject all doesn't really matter and we can upload an image which we can just paste this one and do a reverse image search and if you look you can see a bunch of stuff here funny funny enough you you'll actually see a walkthrough for this um but you can see Roswell video okay so pretty well you can tell it's from Roswell so you can see it's a Roswell alien autopsy that's what it is if you read the articles that's what this is is a Roswell alien autopsy photo okay so don't need to do too much on that one get out of there we can leave that going it doesn't really matter we're going to go ahead and stop the simple server and now we're still logged in as James thankfully so that answers our question now the next thing we have to do is we have to escalate our privileges well to do that we would usually say pseudo tacl and this is just one way you don't have to do it this way and we're going to say password for James and it was hacker rules exclamation point all right and it says all exclamation point route B bashed now if you don't look at this closely you might say well that means they can run everything as root but it doesn't it actually is a little bit different because it's got that exclamation point route so let's go ahead and go here and let's search that because I want to know is there a vulnerability here and if you look one of the first things is a security bypass okay so that's exploit DB here's the cve 2019 14287 and if you look what is the cve number 2019 14287 pretty quick pretty easy and then you can go through here and it tells you exactly check for the permissions we have it so hacker can't run bin bash as root that's what it says you can't run bin bash as root okay perfect well what we can do is exploit that by running this pseudo teu hash1 bin bash okay let's let's go ahead and try it so we say pseudo Tac you number Tac one forward SL bin forward SL bash wow look at that rout now we just CD into the root directory we cat the root. txt look at that your flag ISM b53 blah blah blah blah All That Jazz and then it says bonus who is agent R well it says here by descal AKA agent R so there's your bonus question as well it is desal so hopefully this helps you guys hopefully you guys can get through this box it's a pretty easy one but it is a little bit fun um I like anything with a theme I like um how you progress through and find the pictures and stuff like that so I like the themes let me know what you guys think and let me know if this is um you guys like seeing these walkthroughs or if you'd rather me stick to some of my other content or what you guys prefer because I'd like to keep growing and keep you guys informed and keep helping you guys out so thanks guys have a great day
Info
Channel: stuffy24
Views: 1,568
Rating: undefined out of 5
Keywords: hacking, tryhackme tutorial, tryhackme review, try hack me red team path, try hack me pentesting, how to hack wifi password, pentesting for beginners, walkthrough, tryhackme, tryhackme vs hackthebox, Active Directory, hard tryhackme, thm hard box, THM, full walkthrough, easy, tryhackme walkthrough, walkthrough tryhackme, agent sudo, sudo, agent, walk through agent sudo, guided ctf, ctf guide, hacking agent, hackthebox, htb vs thm, brute forcing, brute force, brute force attack
Id: du8rSXgT-3Q
Channel Id: undefined
Length: 20min 4sec (1204 seconds)
Published: Tue Mar 05 2024
Related Videos
Bounty Hacker : Tryhackme Walkthrough
stuffy24
253
TryHackMe! Sudo - CVE-2019-14287
John Hammond
50K
Multiplayer Hacking?! -- King of the Hill by TryHackMe!
Tyler Ramsbey
1.7K
Agent Sudo CTF | TryHackMe | Steganography, Hydra, & John The Ripper
O5INT
1.1K
OSINT | How to Gather Information on ANYONE!
AI Video Hub
10K
TryHackMe Anthem Walkthrough
I.T Security Labs
2.3K
Why VPNs are a WASTE of Your Money (usually…)
Cyberspatial
1.4M
Noisy Neighbor: Bitcoin's Hidden Health Cost
TIME
10K
Going to Chinese Hacking Competition - Real World CTF Finals
LiveOverflow
1.5M
If I Were to Start in Cyber Security, I'd Do This
NahamSec
27K
TryHackMe! Ninja Skills - Bash like a Pro
Jason Turley
1.2K
TryHackMe! PickleRick - BYPASSING Denylists
John Hammond
292K
I Played HackTheBox For 30 Days - Here's What I Learned
Grant Collins
347K
TryHackMe: Investigating Windows Walkthrough
I.T Security Labs
7.7K
Microsoft Clamps Down On Local Accounts?
Surveillance Report
46K
How to know if your PC is hacked? Suspicious Network Activity 101
The PC Security Channel
1.2M
TryHackMe Blue - Walkthrough
HackerSploit
64K
How to build your own hacking home lab! Pt.1 What you will need!
stuffy24
591
I DON'T like my web browsing options in 2024...
InfinitelyGalactic
70K
TryHackMe Nmap Walkthrough
Mr Ash Co
26K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.