Command used: nmap -A <machine IP>
From the nmap scan result we came to know that two ports are open and they are, 22/tcp ssh and 80/tcp http. Let’s check out port 80 on the browser.
Well, seems like Rick is in danger!! In the webpage, I couldn’t find any clue but when I viewed the page source, I got the username: R1ckRul3s
Since we got the username, let’s start looking for password using brute force techniques. First, I did the directory brute forcing with my favorite tool dirb and got /robots.txt with status: 200
command used: dirb http://<target-ip>
When I checked in my browser, I think I got the password!!
With the collected login credentials, I tried to connect to the server via SSH and the permission was denied.
Well at this point I felt pretty stupid as rick said and then realized that enumeration is the key. So, I looked around in /assets in my browser and this is what I got…A big nothing except gifs and images and nothing interesting.
Now I tried with Nikto tool to get even more results and observed that there is /login.php.
command used: nikto -h <machine IP>
I just tried it and bingo! I got the login page.
Now, we should execute some linux commands get the ingredients flags.
command used: ls -la
We got the .txt file. If we use cat command, we won’t get the flag because the command is disabled.
So, I used less command instead of cat and got the first flag.
command used: less Sup3rS3cretPickl3Ingred.txt
mr. meeseek hair
For the second flag the command used: less /home/rick/’second ingredients’
1 jerry tear
Now it’s time for 3rd and the last flag. To get this, I just checked the user permission by typing sudo -l and we can see that there is no restrictions and the existing user can run commands as sudo.
for the 3rd flag, the command used: sudo less /root/3rd.txt
3rd ingredients: fleeb juice
please everyone join my telegram channel :https://t.me/hackerwheel
Change the world