Pickle Rick Room TryHackMe

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

Last updated 2 years ago

Pickle Rick Room TryHackMe

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

Pickle Rick Room TryHackMe

Room initial view

The questions given in the room to be solved

Opened the attack box

Visiting the site

Checking the source code of the site

Got the Username: R1ckRul3s. But where to login. Hmm

Searched for the login page.

The login page exists. Well the rick forgot the password. Now its time for us to find the password and login to find the three ingredients and help Rick.

Tried few passwords manually but no luck.

I was wondering if there were any other pages that the login page so i ran Gobuster in my Kali Linux VM.

after sometime we found few of the directories in the site. I stopped the gobuster and started looking at the robots.txt file.

Found something after opening the robots.txt page.

this is interesting It might be the password lets give it a try with the username we found.

username: R1ckRul3s

pass: Wubbalubbadubdub

Seems like this was the password after all and we got into the site.

The site had a page called commands so i typed to check if the linux commands are working. So, i typed ls and hit enter.

When typed ‘ls’ we got

now lets see what's in side of the files

lets use cat command as usual

seems like the cat command is blocked. lets try another way to view the content in the file.

well the less command is working and we can see the content in the file. This might be our First ingredients needed.

now i searched for see other content but not possible. so i tried to get a reverse shell using python3.

Reverse shell from pentest monkeys.

https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Reverse shell success

After shell success

Stabilize the shell

after the shell is stable i tried sudo su command to check if root user is enabled and voila i got the root user. Then in navigated to home directory to find the second ingredient.

after getting the second ingredient i navigated to root and found the third ingredient.

and that's the final ingredient we needed. with this all the ingredients have been gathered.

and we solved the room. until next time.