Pickle Rick
A Rick and Morty CTF. Help turn Rick back into a human!
This is the write-up for the room Pickle Rickon Tryhackme and it is part of our cybersecurity training from HackerU.
Firstly we have to make a connection with VPN or use the attack box on the Tryhackme site to connect to the Tryhackme lab environment.
Now we will deploy the machine after that we will get the Target system IP. Once the machine is booted up then will check the number of ports open and service running. Before doing Nmap we will check ping requests with the target system.
As ping is successful will start our Nmap scan.
nmap -sS -sV -A 10.10.10.47
-sS
(TCP SYN scan)
-sV
(Version detection)
-A
(Aggressive scan options
From the scan, we can see that 2ports are open which are port 22, port 80.
we have to do a little enumeration like looking for some information on the website as port 80 is open.
So we directly visited the site in the web site we can see an image, where we can’t find any useful information.
We will check with the page source. By checking the page source, we found the username is R1ckRul3s.
In order to get more information about the hidden directory , will go with gobuster.
gobuster dir — u http://10.10.119.63/ -w/usr/share/wordlists/dirb/common.txt -t 64
Checking robots.txt we got some information this might be the password for the user we got in page source.
We will check for gobuster with PHP extension.
We got login.php directory and portal.php which is redirecting to login.php.
We will try login using the user name and password we got.
username:- R1ckRul3s
password:- Wubbalubbadubdub
we were able to log in and this command panel appeared tried the ls command.
We got some text files Sup3rS3cretPickl3Ingred.txt and clue.txt.
First will check the content of Sup3rS3cretPickl3Ingred.txt as cat command was disabled tried less command.
less Sup3rS3cretPickl3Ingred.txt
we got first ingredient and our first flag.
Now we will check the content of the clue.txt file.
It says that we have to look around the file system. so will search home directory.
We got 2 users in a home directory one is rick other is ubuntu. will search inside the rick directory.
Inside the rick directory, we found the second ingredients file we will search the content of this file.
less /home/rick/”second ingredients”
Note:- used “ ” as the file had spacing in between.
We got second ingredients and second flag.
now will search inside another user which we found in the home directory to get any information.
We didn't find any useful information so tried sudo -l command to check the permission this user has to run as sudo.
We can see that this user can run everything as sudo user. so will check for root directory using sudo command.
We found that there is 3rd.txt inside root directory,we will see the content of this file.
We found third ingredient and third flag.
Thus we successfully cracked the box and found all the three ingredients(Flag) .