Pickle Rick

A Rick and Morty CTF. Help turn Rick back into a human!

This is the write-up for the room Pickle Rickon Tryhackme and it is part of our cybersecurity training from HackerU.

Firstly we have to make a connection with VPN or use the attack box on the Tryhackme site to connect to the Tryhackme lab environment.

VPN connection with THM

Now we will deploy the machine after that we will get the Target system IP. Once the machine is booted up then will check the number of ports open and service running. Before doing Nmap we will check ping requests with the target system.

Ping check

As ping is successful will start our Nmap scan.

Nmap scan

nmap -sS -sV -A 10.10.10.47

-sS (TCP SYN scan)

-sV (Version detection)

-A (Aggressive scan options

From the scan, we can see that 2ports are open which are port 22, port 80.

we have to do a little enumeration like looking for some information on the website as port 80 is open.

So we directly visited the site in the web site we can see an image, where we can’t find any useful information.

We will check with the page source. By checking the page source, we found the username is R1ckRul3s.

Webpage source

In order to get more information about the hidden directory , will go with gobuster.

Gobuster scan without page extension

gobuster dir — u http://10.10.119.63/ -w/usr/share/wordlists/dirb/common.txt -t 64

robots.txt

Checking robots.txt we got some information this might be the password for the user we got in page source.

We will check for gobuster with PHP extension.

gobuster with PHP extension

We got login.php directory and portal.php which is redirecting to login.php.

login page

We will try login using the user name and password we got.

username:- R1ckRul3s

password:- Wubbalubbadubdub

we were able to log in and this command panel appeared tried the ls command.

ls command in command panel.

We got some text files Sup3rS3cretPickl3Ingred.txt and clue.txt.

First will check the content of Sup3rS3cretPickl3Ingred.txt as cat command was disabled tried less command.

less Sup3rS3cretPickl3Ingred.txt

less command

we got first ingredient and our first flag.

First flag

Now we will check the content of the clue.txt file.

clue.txt

content of clue.txt

It says that we have to look around the file system. so will search home directory.

Home directory

We got 2 users in a home directory one is rick other is ubuntu. will search inside the rick directory.

check inside rick folder

second ingredients file

Inside the rick directory, we found the second ingredients file we will search the content of this file.

less /home/rick/”second ingredients”

Note:- used “ ” as the file had spacing in between.

second ingredients

We got second ingredients and second flag.

second flag

now will search inside another user which we found in the home directory to get any information.

Other user

We didn't find any useful information so tried sudo -l command to check the permission this user has to run as sudo.

sudo -l

All permission

We can see that this user can run everything as sudo user. so will check for root directory using sudo command.

root directory

3rd.txt

We found that there is 3rd.txt inside root directory,we will see the content of this file.

Thrid ingredient

We found third ingredient and third flag.

Third flag.

Thus we successfully cracked the box and found all the three ingredients(Flag) .