TryHackMe: Pickle Rick CTF Walkthrough

Introduction

Hello fellow Hackers! Another day, another CTF machine for my TryHackMe writeup series: a Rick and Morty CTF. We need to help Rick turn back into a human! This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.


You can access this machine from this url: https://tryhackme.com/room/picklerick

After hitting the deploy button we now have our IP address (before starting, check whether the IP is live by pinging it).

#Enum/Recon

I have used Nmap to check for open ports and services.

Command used: nmap -A -sV <machine IP>

From the nmap scan result we learned that two ports are open: 22/tcp ssh and 80/tcp http. Let’s check out port 80 in the browser.

Well, seems like Rick is in danger!! On the webpage, I couldn’t find any clue, but when I viewed the page source, I got the username: R1ckRul3s

Since we got the username, let’s start looking for the password using brute force techniques. First, I did directory brute forcing with my favorite tool, Gobuster, and got /robots.txt with status: 200.

command used: gobuster dir -u <url> -w /usr/share/dirb/wordlists/common.txt

When I checked in my browser, I think I got the password!!


password: Wubbalubbadubdub

With the collected login credentials, I tried to connect to the server via SSH, and permission was denied.

Well, at this point I felt pretty stupid, as Rick said, and then realized that enumeration is the key. So, I looked around in /assets in my browser and this is what I got… A big nothing except gifs and images, and nothing interesting.

Next, I tried the Nikto tool to get even more results and observed that there is a /login.php.

command used: nikto -h <machine IP>

I just tried it and bingo! I got the login page.

Login Credentials

username: R1ckRul3s

password: Wubbalubbadubdub

#Exploit

Now we should execute some Linux commands to get the ingredient flags.

command used: ls -la

We got the .txt file. If we use the cat command, we won’t get the flag because the command is disabled.

So, I used the less command instead of cat and got the first flag.

command used: less Sup3rS3cretPickl3Ingred.txt

mr. meeseek hair

For the second flag, the command used: less /home/rick/'second ingredients'

1 jerry tear

Now it’s time for the 3rd and last flag. To get this, I just checked the user's permissions by typing sudo -l, and we can see that there are no restrictions and the existing user can run commands as sudo.

For the 3rd flag, the command used: sudo less /root/3rd.txt

3rd ingredients: fleeb juice
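
The cat restriction and the less workaround above show why filtering commands by a list of forbidden words does not hold. The following is an added example, not code from the room or from this walkthrough: it models the panel's filter as a one-word denylist (an assumption, the page only says cat is disabled) next to an allowlist of fixed actions (hypothetical names), and runs the commands quoted on this page through both.

```python
# Assumption: the panel rejects input containing a denied word.
# The page only says `cat` is disabled; this one-word list is a stand-in.
DENYLIST = {"cat"}

def denylist_allows(command: str) -> bool:
    """Weak model: pass anything that avoids the denied words."""
    return not any(word in DENYLIST for word in command.split())

# Hardened form: name the few actions the panel exists for, refuse the rest.
# Hypothetical actions; each maps to a fixed argv with no user-supplied parts,
# so nothing typed into the form ever reaches a shell.
ALLOWED_ACTIONS = {
    "uptime": ["uptime"],
    "disk": ["df", "-h"],
}

def allowlist_resolve(action: str):
    """Return the fixed argv for a known action, or None to refuse."""
    argv = ALLOWED_ACTIONS.get(action.strip())
    return list(argv) if argv else None

# The commands quoted in the walkthrough, plus the blocked `cat` form
# (constructed from the page's description).
PAGE_COMMANDS = [
    "cat Sup3rS3cretPickl3Ingred.txt",
    "less Sup3rS3cretPickl3Ingred.txt",
    "less /home/rick/'second ingredients'",
    "sudo less /root/3rd.txt",
]

def compare(commands):
    """Return (command, denylist verdict, allowlist verdict) per command."""
    return [(c, denylist_allows(c), allowlist_resolve(c) is not None)
            for c in commands]

if __name__ == "__main__":
    for cmd, weak, strong in compare(PAGE_COMMANDS):
        print(f"{cmd!r:45} denylist={'run' if weak else 'block'} "
              f"allowlist={'run' if strong else 'block'}")
```

The third command also depended on the web user's unrestricted sudo, which no input filter in the panel addresses; that is fixed in the sudoers configuration, not in the application.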


Finally!!! All three flags were captured and the task is completed successfully. Thanks for reading, and I hope you enjoyed it too. As I mention in every blog post, suggestions are always welcome and open for discussion, so that we can discuss other methods to complete the same task (exchanging ideas).

Happy Hacking….

Published by MANJUNATH NAYAKA

A Cyber Security Enthusiast who is passionate about and fond of learning new things in the Cyber Security world. I was working as a Network and Security Operations Engineer, but then I found my passion for Cyber Security. I'm a newbie in blogging as well ;)
