Wednesday, February 23, 2022

TryHackMe - Pickle Rick - walkthrough

Pickle Rick - A Rick and Morty CTF. Help turn Rick back into a human!
It is a CTF room on TryHackMe page if you are fan of Rick and Morty cartoon you should defently try to solve it. It is not that hard and you can solve it pretty fast.
  1. step:
    2. Start target machine that you will try to exploit and start Attackbox machine.
  2. step:
    3. As usually we try with nmap scan to check what ports are open on target machine with command:

    nmap -sC -sV Target_IP


    With only 2 ports open we check the web page
  3. step:
    4. There is nothing much on the page but is it? We check the page source code where we find username which might be useful in next steps
  4. step:
    5. With use of the gobuster we scan webpage to find hidden files or directories I have used following command:

    gobuster dir -t 40 -u 10.10.151.87 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x html,php,txt -t 60


  5. step:
    6. We find the login.php access page but we are missing password. We check the robot.txt file and we get possible password candidate for login. Which turns out that it is actual username and pass.
  6. step:
    7. We end up on command panel where we can write some command like ls and we can see interesting files there with Q1 answer ingridient. We try opening filed with cat command File_name.txt but it doesnt allow us.
    We try with less command File_name.txt voila we opened it and we can answer first Q1.
  7. step:
    8. In this step we check the clue.txt file which says that we should look around directories for second ingridient. We try to get to other directories in /home/rick/ we find the file second ingridients. Since the spaces in files names and linux arent good friends we need to use less command like this:

    less '/home/rick/second ingredients'


    And voila we have 2nd ingredient and we can answer the Q2.
  8. step:
    9. with command

    sudo -l

    we check what we can run as root.
  9. step:
    10. we can try

    sudo ls -la /root

    and we find 3rd.txt
  10. step:
    11. Since we cannot open file in it's folder we can try copying to other directory and change permissions:

    sudo cp /root/3rd.txt /var/www/html/ && chmod 777 3rd.txt

  11. step:
    12. In browser open file via Target_IP/3rd.txt. and we can answer last Q3 in this room.
I hope anyone who gets stucked finds this writeup helpful.
at
Labels: , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How to Install PostgreSQL on Debian 12: A Step-by-Step Guide

PostgreSQL, commonly known as Postgres, is a powerful, open-source relational database management system renowned for its advanced features ...