Agent T TryHackMe Walkthrough


Musyoka Ian
Aug 5, 2022

Hello guys, back again with another walkthrough. This time we are going to be tackling Agent T from TryHackMe. A nice easy box that just needed you to identify the version of PHP running; then, looking online, you discover it has a backdoor that leads to remote code execution, and you either craft an exploit manually or use an exploit already available. I wrote a Python exploit about a year ago that is publicly available on my GitHub page, and I am going to share the link in the walkthrough. After exploiting the box and getting a shell we will discover that the flag is in the root directory of the box. Without much more to say, let’s jump in.

As always we’ll start off with an nmap scan of the box, and we discover one port is open: port 80 (HTTP), probably hosting a website.

On opening the webpage with Mozilla, we get a standard webpage which seems to now allow user input.

I decided to send the request through Burp Suite to examine it more carefully and, looking at the screenshot below, the version of PHP is leaked.

Looking online for exploits, we discover it was backdoored, which led to remote code execution.
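The version leak noted above is something you can audit for on your own servers. The following Python is an added example, not part of the original walkthrough or the author's exploit: it parses a raw HTTP response head and flags headers that disclose a product version, marking development or pre-release builds. The header list, function names and sample response (with placeholder versions) are constructed for illustration.

```python
import re

# Headers that commonly disclose backend software and version (assumed list).
DISCLOSING = ("x-powered-by", "server", "x-aspnet-version", "x-generator")
# A product token followed by a version, e.g. "Product/1.2.3" or "Product/1.2.3-dev".
VERSION_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*[\w.+~-]*)")
# Suffixes that mark a development or pre-release build.
PRERELEASE_RE = re.compile(r"(dev|alpha|beta|rc\d*)$", re.IGNORECASE)


def parse_headers(raw):
    """Parse a raw HTTP response head into (status_line, [(name, value), ...])."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_disclosure(raw):
    """Return one finding per product/version token in a disclosing header."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name not in DISCLOSING:
            continue
        for product, version in VERSION_RE.findall(value):
            findings.append({"header": name, "product": product, "version": version,
                             "prerelease": bool(PRERELEASE_RE.search(version))})
    return findings


# Constructed sample response (placeholder versions, not taken from the box).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.4.1 (Unix)\r\n"
    "X-Powered-By: PHP/0.0.0-dev\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in audit_disclosure(SAMPLE):
        print(finding)
```

For PHP, setting `expose_php = Off` in php.ini removes the `X-Powered-By` header; a finding with `prerelease` set to true means a development build is serving traffic and should be replaced with a supported release.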

I wrote an exploit for this specific vulnerability about a year ago, so I am just going to git clone the project from my GitHub page. The exploit is publicly available and can be accessed and used by anyone.

After cloning the repository I ran the exploit and, looking at the screenshot below, we had code execution on the box.

The next step is getting the flag from the box. I ran the command:

find / -name flag.txt 2>/dev/null

Looking at the screenshot below, we get that the flag is in the root directory.

All that is remaining is to read the flag using the cat command.

Looking at the screenshot above, we have the flag and the box is pretty much done. I hope you enjoyed the walkthrough. If so, clap for me down below and follow me so that you don’t miss any upcoming walkthroughs.