TryHackMe | CTF | Pickle Rick Walkthrough

Kapish Kuchroo
Jul 1, 2021

Who doesn't love a Rick and Morty adventure? Let's help Rick find the right ingredients for the potion to transform himself back into a human. Doesn't get better, does it?

Box location: https://tryhackme.com/room/picklerick#

CTF Incoming

Reconnaissance

Nmap to the rescue. Let’s get the keys clicking.

nmap -sC -sV -A <IP address of the target machine>

Notice that ports 22 and 80 are open.

Scanning

We can now access the website by entering the IP address in the browser's address bar.

Always check the source code of the web page: right-click and choose "View page source". This step is essential for gathering information about the target website. In addition, we will use gobuster, which leads us to robots.txt and another important string that might be our password.

Look what I found: a username. Save it, we might need it at some point.
robots.txt seems like an important webpage (Status: 200)
robots.txt output: a string we might need as a password to log in. Saving this as well.

Let’s dig into this website using gobuster.

gobuster dir -u http://<IP Address> -w <path to the wordlist you want to use> -x php,html

-x narrows the search to the given file extensions. The website is expected to serve php or html pages.

Gaining Access

The username and password found while scanning are used to access the machine. We have got past the web page's login and now we are looking for three hidden clues.

ACCESS GRANTED!! Using the username and password found while scanning.
Looks like a Linux command-line execution platform

Giving it a go with the ls -la command, to see if it is an interface to the machine.

Note: the cat command has been disabled by the admin, which leaves us with alternatives such as less, head, tail and many more.

Hint: It means we need to iterate over the machine's directories to find the next clue.

The second ingredient must be in one of the users' directories. Let's move to the /home directory to find out which users are on this machine.

rick is one of the users

Second Ingredient Found !!

Ingredient 2 found!!

Privilege Escalation

We can check what's happening in the sudoers file; most likely the final clue has something to do with the root account.

No password is required for the sudo command

Let's use the sudo command to go to the directory and find the final clue.

We need to use the sudo prefix to enter the root volume

Gotcha pickle!! Room completed.

Ingredient 3 found!
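
The passwordless sudo rule seen in the Privilege Escalation step is the misconfiguration a defender should catch on their own hosts. The audit below is an added example, not part of the original walkthrough; the sample sudoers text and its account names (webapp, backup) are constructed for illustration.

```python
import re

# Constructed sample in sudoers syntax; account names are hypothetical.
SAMPLE_SUDOERS = r"""
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
webapp  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /usr/bin/tar
# deploy ALL=(ALL) NOPASSWD: ALL   (commented out, must be ignored)
"""

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def find_nopasswd_rules(text):
    """Return a finding for every rule that grants commands without a password."""
    findings = []
    for no, line in logical_lines(text):
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m or "NOPASSWD:" not in m["spec"]:
            continue
        cmds = m["spec"].split("NOPASSWD:", 1)[1]
        cmds = [c.strip() for c in re.sub(r"\b(PASSWD|NOPASSWD):", "", cmds).split(",")]
        # Passwordless ALL means any process running as this account becomes root.
        severity = "critical" if "ALL" in cmds else "review"
        findings.append({"line": no, "who": m["who"], "commands": cmds, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_nopasswd_rules(SAMPLE_SUDOERS):
        print(finding)
```

Run it against the contents of /etc/sudoers and each file under /etc/sudoers.d; any "critical" finding on a service account deserves the same attention the box gives it.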

If you found any of the steps of this walkthrough useful, hit the clap button 👏🏽

Cheers 🍻
