TryHackMe |CTF |Pickle Rick Walkthrough
Who doesn't love a Rick and Morty adventure, lets help Rick find the right ingredients for the potion to transform himself back into a human. Doesn’t get better does it?
Box location : https://tryhackme.com/room/picklerick#
Reconnaissance
Nmap to the rescue. Let’s get the keys clicking.
nmap -sC -sV -A <IP address of the target machine>
Scanning
We can access the website now using Ip address in the search bar.
Always check the source code of the web page. Right click view page source. This step is essential to gather information of the target website. In addition, we will also use gobuster to find another important string which might be our password on robots.txt .
Let’s dig into this website using gobuster.
gobuster dir -u http://<IP Address> -w /wordlist you want to use
Gaining Access
Username and password found while scanning is used to access the machine. We have bypassed the webpage credentials and now we are looking for three hidden clues.
Giving it a go with ls -la command, to see if it is a interface for the machine.
Note: cat command has been disabled by the admin, which leaves to other alternatives such as less, head, tails and many more.
Hint: It means we need to iterate over machine directories to find out the next clue.
Second ingredient must be in one of the users directory, let’s move to /home directory to find out the users on this machine.
Second Ingredient Found !!
Privilege Escalation
We can check what’s happening in the sudoers file, mot likely the file clue has something to do with root account.
Let’s use the sudo command to go the directory and find out the final clue.
Gotcha pickle!! Room completed.
If you found any of the steps of walkthrough useful give hit the clap button👏🏽
Cheers 🍻