> For the complete documentation index, see [llms.txt](https://rudolfevergarden.gitbook.io/writeups/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://rudolfevergarden.gitbook.io/writeups/tryhackme-writeups/tryhackme-writeups/pickle-rick-room-tryhackme.md).

# Pickle Rick Room TryHackMe

Pickle Rick Room TryHackMe

![](/files/kLDOtytFmJJfgiUcU3FD)

Room initial view

![](/files/yTaOutxkfp9m3HiA49i6)

The questions given in the room to be solved

![](/files/ppiTEReNcQLwZSBGHBjL)

Opened the attack box

![](/files/XqisyivH1MMjqDWCWCjG)

Visiting the site

![](/files/aez1AdP9U4QwQm9Qmsx8)

Checking the source code of the site

![](/files/z2KU0LG7WraKUHjRMLoB)

Got the Username: R1ckRul3s. But where to login. Hmm

![](/files/6ioKm97Tlo8qKWqV2xro)

Searched for the login page.

![](/files/4GGQ1P9kEGhKAI2tEGDG)

The login page exists. Well the rick forgot the password. Now its time for us to find the password and login to find the three ingredients and help Rick.

![](/files/kBd7GdeRaK6i0SBmhlgG)

Tried few passwords manually but no luck.

I was wondering if there were any other pages that the login page so i ran Gobuster in my Kali Linux VM.

![](/files/MOCzHW6XQjZCFNYAIi6G)

after sometime we found few of the directories in the site. I stopped the gobuster and started looking at the robots.txt file.

![](/files/WZymNA0Soofc9nhfRL6X)

Found something after opening the robots.txt page.

this is interesting It might be the password lets give it a try with the username we found.

`username: R1ckRul3s`&#x20;

`pass: Wubbalubbadubdub`

![](/files/TdcowCBtgq8A8HMicUX8)

Seems like this was the password after all and we got into the site.

The site had a page called commands so i typed to check if the linux commands are working. So, i typed ls and hit enter.

When typed ‘ls’ we got

![](/files/44pDeOhPk65W6Rug59NJ)

now lets see what's in side of the files

lets use cat command as usual&#x20;

![](/files/dYAtAy80s8MeIicKy22c)

seems like the cat command is blocked. lets try another way to view the content in the file.

![](/files/jBjHi7Qus4e143KIg5Qu)

well the less command is working and we can see the content in the file. This might be our First ingredients needed.

now i searched for see other content but not possible. so i tried to get a reverse shell using python3.

![](/files/49PvntevNTSy8sd4QgJi)

Reverse shell from pentest monkeys.

<https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet>

![](/files/VCNboYA6ccLECLrIEeUj)

Reverse shell success

After shell success

Stabilize the shell

{% embed url="<https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys>" %}

after the shell is stable i tried sudo su command to check if root user is enabled and voila i got the root user. Then in navigated to home directory to find the second ingredient.

![](/files/iLeKSdamYI2S1vYOZ75e)

after getting the second ingredient i navigated to root and found the third ingredient.

![](/files/bGQRsjjHruvF1frWAUGp)

and that's the final ingredient we needed. with this all the ingredients have been gathered.

![](/files/DgsxDGzBFPH6TeeiRku3)

and we solved the room. until next time.
