TryHackMe: Pickle Rick CTF Walkthrough

Pickle Rick

#Enum/Recon

Command used: nmap -A <machine IP>

The nmap scan shows two open ports: 22/tcp (ssh) and 80/tcp (http). Let’s check out port 80 in the browser.

Well, seems like Rick is in danger!! In the webpage, I couldn’t find any clue but when I viewed the page source, I got the username: R1ckRul3s

Since we got the username, let’s start looking for the password using brute force techniques. First, I did directory brute forcing with my favorite tool, dirb, and got /robots.txt with status: 200

command used: dirb http://<target-ip>

When I checked in my browser, I think I got the password!!

password: Wubbalubbadubdub

With the collected login credentials, I tried to connect to the server via SSH and the permission was denied.

Well, at this point I felt pretty stupid, as Rick said, and then realized that enumeration is the key. So, I looked around in /assets in my browser and this is what I got… A big nothing except gifs and images, and nothing interesting.

Next I tried the Nikto tool to get even more results and observed that there is a /login.php.

command used: nikto -h <machine IP>

I just tried it and bingo! I got the login page.

Login Credentials

username: R1ckRul3s

password: Wubbalubbadubdub

#Exploit:

Now we should execute some Linux commands to get the ingredient flags.

command used: ls -la

We got the .txt file. If we use the cat command, we won’t get the flag because the command is disabled.

So, I used the less command instead of cat and got the first flag.

command used: less Sup3rS3cretPickl3Ingred.txt

mr. meeseek hair

For the second flag, the command used: less /home/rick/'second ingredients'

1 jerry tear

Now it’s time for the 3rd and last flag. To get this, I just checked the user permissions by typing sudo -l, and we can see that there are no restrictions and the existing user can run commands as sudo.

For the 3rd flag, the command used: sudo less /root/3rd.txt

3rd ingredients: fleeb juice
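The cat/less behaviour above is what a command denylist produces, so here is an added example (not code from the room or from this walkthrough) comparing such a filter with an allowlist of fixed actions. The filter logic, the action names and the `ALLOWED_ACTIONS` table are assumptions; the page only shows that cat is refused and less is not.

```python
import shlex

# Assumption: the panel refuses input containing a blocked command name.
# The walkthrough only shows that cat is refused and less is accepted.
DENYLIST = {"cat"}

# Hypothetical allowlist: action name -> fixed argv, no user-supplied arguments.
ALLOWED_ACTIONS = {
    "list-files": ["ls", "-la"],
    "uptime": ["uptime"],
}


def denylist_permits(command_line: str) -> bool:
    """Weak filter: permit anything whose words are not on the denylist."""
    try:
        words = shlex.split(command_line)
    except ValueError:  # unbalanced quotes
        return False
    return bool(words) and not any(w in DENYLIST for w in words)


def allowlist_resolve(action: str):
    """Hardened form: map an action name to a fixed argv, or None.

    The caller would pass the result to subprocess.run(argv, shell=False),
    so user-controlled text never reaches a shell.
    """
    argv = ALLOWED_ACTIONS.get(action)
    return list(argv) if argv is not None else None


def audit(command_lines):
    """Return inputs the denylist lets through that the allowlist refuses."""
    return [c for c in command_lines
            if denylist_permits(c) and allowlist_resolve(c) is None]


if __name__ == "__main__":
    # Commands from the walkthrough, plus the refused cat variant.
    samples = [
        "cat Sup3rS3cretPickl3Ingred.txt",
        "less Sup3rS3cretPickl3Ingred.txt",
        "sudo less /root/3rd.txt",
        "ls -la",
    ]
    for line in audit(samples):
        print("denylist gap:", line)
```

An allowlist only limits what the panel can launch; the unrestricted sudo rights seen in the sudo -l step still need to be removed from the web user separately.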

Please, everyone, join my Telegram channel: https://t.me/hackerwheel


happy hacking………


CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics

jagadeesh
