Ok, let’s get started on the recon phase!

You should always start with an Nmap scan that way you can know which ports are open on the victim machine. In this case, we have three open ports and one of them is a web page. You’ll first find this message

Dear agents, Use your own codename as user-agent to access the site. From, Agent R

If you saw this message then you’ll have to change your user agent on your browser to continue discovering hints on how to get into the machine.

Under the user agent file called agent_C_attention.php you will find the following

Attention chris,

Do you still remember our deal? Please tell agent J about the stuff ASAP. Also, change your god damn password, is weak!

From, Agent R

Try getting access to the FTP server, once you do you will find a few files named To_agentJ.txt, cute-alien.jpg, and cutie.jpg. These will get you to the next message.

Dear agent J,

All these alien like photos are fake! Agent R stored the real picture inside your directory. Your login password is somehow stored in the fake picture. It shouldn’t be a problem for you.

From, Agent C

Now use your trusty steganography to get the hidden file and crack it! I swear we’re almost done just have some patients.

Agent C,

We need to send the picture to ‘QXJlYTUx’ as soon as possible!

By, Agent R

Once you crack it you can use this CVE to escalate your privileges and get the root flag.

Alright alright, TLDR of the cve is to use this command sudo -u#-1 /bin/bash that grants you root privileges and now you can get the root flag along with the user flag, and the room is now solved!