Agent T

Room Name → Agent T

Room Link →

Author → Ben , JohnHammond, cmnatic, blacknote and timtaylor

Description → Something seems a little off with the server.


At first, I did a Nmap scan for open ports and services.

nmap -sC -sV -oA nmap/agent

There is only one port open with PHP server 5.5.

I checked the website for further enumeration. Wappalyzer identifies the website is using PHP version 8.1.0.


I looked for PHP 8.1.0 exploit. I found this exploit on exploit-DB

After executing the exploit I got a shell. Success!!


I couldn’t move around that much. I checked the directory and didn’t find the flag.

I searched for the flag file and catted the file directly.

updated_at 13-08-2022