Introduction:
This is my Documentation for Pickle Rick room in TryHackMe. This room is about exploiting the webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.
Link: https://tryhackme.com/room/picklerick
Resources Used:
Kali VM
Nmap
Gobuster
Enumeration:
nmap -sC -sV 10.10.86.231
From the scan results, we can derive that 2 services are running:
1. 22 (SSH) (OpenSSH)
2. 80 (HTTP) (Apache httpd)
Web Recon:
Let’s poke at the Webserver and see it’s contents.
Looks like just a message from Rick. Let’s check the source code to get more information.
We got a Username from the source code, Now let’s look for the Password. Maybe we can try looking for the directories using Gobuster.
gobuster dir -u http://10.10.86.231/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,zip,txt
Now we got login.php,assets,portal.php,robots.txt. Let’s look at the robots.txt if we can find anything useful.
We got a weird text “Wubbalubbadubdub” maybe it is the password for the login.php
Tried to login in /login.php and It worked!
Now we have this Command Panel. Let’s try to put some command like ls -al
It worked! Try to read a file.
cat Sup3rS3cretPickl3Ingred.txt
Looks like some commands are disabled. Let’s try other commands to read the file. Now we will try less
less Sup3rS3cretPickl3Ingred.txt
It worked!! We got the first ingredient!
I tried sudo -l and it seems like we can use sudo!
sudo -l
Now let’s find the other ingredients!
Yehey! I found the second ingredient in /home/rick
We will use less again to read the content of the file.
less /home/rick/”second ingredients”
Okay, Let’s find the last ingredient now. We’ll try to look at /root directory using sudo.
sudo ls -al /root
Weepeeeee!! We found the last ingredient! Use sudo to get the content of the file!
sudo less /root/3rd.txt
Yeheyyyyy!!! We’re finally done! Thanks for reading my writeup! :D
