Open in app

Sign in

Write

Sign in

Pickle Rick! — TryHackMe writeup

GrimTheRipper
4 min readDec 22, 2024

--

TryHackMe Room : https://tryhackme.com/r/room/picklerick

Room Objectives

A Rick and Morty CTF. Help turn Rick back into a human!

Let Start!!

In order to assess the security posture of the network, the first step is to scan the ports using the nmap tool.

The results show that ports 22 and 80 are open.

Next, try accessing the website from the target IP address.

nmap -A -sC -sV [ip]

The message instructs us to find the three ingredients needed to create a special potion!!!.

I tried right-clicking and selecting ‘View Page Source’ to look for clues, and I found something — a Username!

But I didn’t find the password, so I tried using a command dirsearch -u 10.10.85.44 -t 15 -e php,html,txt to scan for interesting paths.

dirsearch -u [ip] -t 15 -e php,html,txt

When I tried opening the path I found, wow, I discovered a code!

Let’s try logging in with that password.

Great, it worked! I found an input field where I can enter some commands.

“I tried entering the command ls to see what’s inside.

I found a .txt file, so I opened it and discovered the first ingredient!

Next, I tried to find the second ingredient by opening other tabs, but didn’t find anything.

So, I went back and tried using the sudo command, and I found that no password was required to elevate privileges.

Commands can be used, so I’ll try setting up a reverse shell to make it easier to find clues.

I tried establishing a connection using port 4444.

sudo nc -lvnp 4444

And used a Reverse Shell Generator with Python 3.

Execute the command obtained for processing.

Connection successful. I checked the permissions using the whoami command and found that the user is www-data.

Use the command cd /home/rick to change the directory to the “rick” folder, then list all files in that folder with the command ls. Finally, use the command cat second ingredients to display the content of the file named "second ingredients".

I found the second ingredient! Let’s find the final ingredient!

To open a new shell with administrative privileges, use the command sudo bash -i. Then, change to the /root directory with the command cd /root. List all files in that directory using ls. Finally, display the content of the file named 3rd.txt with the command cat 3rd.txt

sudo bash -i

Finally, we have found all three ingredients. Rick will be a person again.

--

--

GrimTheRipper
GrimTheRipper

Written by GrimTheRipper

24 Followers
7 Following

You get the best out of others when you give the best of yourself

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams