# Pickle Rick Room TryHackMe Pickle Rick Room TryHackMe ![](/files/kLDOtytFmJJfgiUcU3FD) Room initial view ![](/files/yTaOutxkfp9m3HiA49i6) The questions given in the room to be solved ![](/files/ppiTEReNcQLwZSBGHBjL) Opened the attack box ![](/files/XqisyivH1MMjqDWCWCjG) Visiting the site ![](/files/aez1AdP9U4QwQm9Qmsx8) Checking the source code of the site ![](/files/z2KU0LG7WraKUHjRMLoB) Got the Username: R1ckRul3s. But where to login. Hmm ![](/files/6ioKm97Tlo8qKWqV2xro) Searched for the login page. ![](/files/4GGQ1P9kEGhKAI2tEGDG) The login page exists. Well the rick forgot the password. Now its time for us to find the password and login to find the three ingredients and help Rick. ![](/files/kBd7GdeRaK6i0SBmhlgG) Tried few passwords manually but no luck. I was wondering if there were any other pages that the login page so i ran Gobuster in my Kali Linux VM. ![](/files/MOCzHW6XQjZCFNYAIi6G) after sometime we found few of the directories in the site. I stopped the gobuster and started looking at the robots.txt file. ![](/files/WZymNA0Soofc9nhfRL6X) Found something after opening the robots.txt page. this is interesting It might be the password lets give it a try with the username we found. `username: R1ckRul3s` `pass: Wubbalubbadubdub` ![](/files/TdcowCBtgq8A8HMicUX8) Seems like this was the password after all and we got into the site. The site had a page called commands so i typed to check if the linux commands are working. So, i typed ls and hit enter. When typed ‘ls’ we got ![](/files/44pDeOhPk65W6Rug59NJ) now lets see what's in side of the files lets use cat command as usual ![](/files/dYAtAy80s8MeIicKy22c) seems like the cat command is blocked. lets try another way to view the content in the file. ![](/files/jBjHi7Qus4e143KIg5Qu) well the less command is working and we can see the content in the file. This might be our First ingredients needed. now i searched for see other content but not possible. so i tried to get a reverse shell using python3. ![](/files/49PvntevNTSy8sd4QgJi) Reverse shell from pentest monkeys. ![](/files/VCNboYA6ccLECLrIEeUj) Reverse shell success After shell success Stabilize the shell {% embed url="" %} after the shell is stable i tried sudo su command to check if root user is enabled and voila i got the root user. Then in navigated to home directory to find the second ingredient. ![](/files/iLeKSdamYI2S1vYOZ75e) after getting the second ingredient i navigated to root and found the third ingredient. ![](/files/bGQRsjjHruvF1frWAUGp) and that's the final ingredient we needed. with this all the ingredients have been gathered. ![](/files/DgsxDGzBFPH6TeeiRku3) and we solved the room. until next time. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://rudolfevergarden.gitbook.io/writeups/tryhackme-writeups/tryhackme-writeups/pickle-rick-room-tryhackme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.