Walkthrough: Pickle Rick CTF - TryHackMe.

A Rick and Morty CTF. Help turn Rick back into a human!

Link to the room

In this CTF we have to find 3 ingredients for a potion.

We start by running nmap to find open ports.

nmap -sV machine-ip

Results:

Port Number   Service Name
22            SSH
80            HTTP

I also checked the source code of the web page. It has the username hidden in the HTML code.

Then I tried running Hydra to see if I could access via SSH, but it didn’t work.

After that I ran gobuster to find directories.

Results:

  • /assets
  • /index.html
  • /robots.txt –> Wubbalubbadubdub –> Maybe this is the pw?

Then I ran nikto -h machine-ip

Nikto is a free command-line vulnerability scanner that checks web servers for dangerous files/CGIs, outdated server software and other problems. It performs both generic and server-type-specific checks.

Results:

/login.php

The credentials we found worked. From this panel we are able to execute commands.

Using ls, we can see files beyond the ones gobuster found.

Sup3rS3cretPickl3Ingred.txt <– first ingredient

We can’t use cat there, but we can read the file’s contents with less:

less Sup3rS3cretPickl3Ingred.txt

cd /home; ls -al; pwd

This lists the home folder, where we can see there’s a “rick” folder.

We can see its contents with:

ls /home/rick

That folder contains the file with the second ingredient.

Finally, for the last ingredient, we try to access the root folder. Using

sudo -l

we can see what privileges we have. It turns out that we can run any command without a password.

So, if we run

ls /root

we won’t get any results.

But if we run:

sudo ls /root

we can access the directory without any password.

The last ingredient is located in this directory.
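
Seen from the defender's side, the command panel refused cat but still ran everything else typed in this walkthrough. The following is an added example (not code from the room or from the original post) that runs those same commands through a word denylist and through a strict allowlist; the denylist contents, the allowlist entries and the function names are assumptions made for illustration.

```python
import shlex

# Constructed denylist modelling what the walkthrough observed (cat is
# refused). The panel's real filter is not shown on the page.
DENYLIST = {"cat"}

# Hypothetical allowlist for a diagnostics panel: program -> permitted arguments.
ALLOWLIST = {"uptime": set(), "df": {"-h"}}


def denylist_permits(command: str) -> bool:
    """Weak check: refuse only when a blocked word appears in the input."""
    return not any(word in DENYLIST for word in command.split())


def allowlist_argv(command: str):
    """Return an argv list for subprocess.run(argv, shell=False), or None.

    Because the result is never handed to a shell, ';' has no special
    meaning and cannot chain a second command.
    """
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None
    if any(arg not in ALLOWLIST[argv[0]] for arg in argv[1:]):
        return None
    return argv


# Commands taken from the walkthrough, plus one legitimate request (constructed).
SAMPLES = [
    "cat Sup3rS3cretPickl3Ingred.txt",
    "less Sup3rS3cretPickl3Ingred.txt",
    "cd /home; ls -al; pwd",
    "sudo ls /root",
    "df -h",
]


def compare(samples=SAMPLES):
    """Return (command, denylist verdict, allowlist verdict) for each sample."""
    return [(c, denylist_permits(c), allowlist_argv(c) is not None) for c in samples]


if __name__ == "__main__":
    for cmd, deny_ok, allow_ok in compare():
        print(f"{cmd!r:40} denylist={'run' if deny_ok else 'block':5} "
              f"allowlist={'run' if allow_ok else 'block'}")
```

The denylist stops only the first sample, while the allowlist stops every command from the walkthrough and still serves the legitimate request. Removing the blanket passwordless sudo rule from the web server account is a separate fix that the filter does not replace.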
