Categories
Capture The Flag Hacking

PickleRick Writeup – TryHackMe

This post is a walkthrough of the PickleRick which is a Rick and Morty themed Tryhackme room. The goal is to find three hidden flags.

Tryhackme

Let’s get started by deploying the machine. Now, after deploying the machine, start with a basic Nmap scan and see which ports and services are open and running on the particular IP address.

Nmap Scan

PickleRick Writeup - TryHackMe 1

By the Nmap output, we can clearly deduce that there are 2 open ports one is 80 which indicates that there is a website up and running so let us take a look at the website.

webpage
Webpage at port 80

As we can see that in the webpage there is no useful data which might come handy so let’s visit the source code of the website we might find some useful data there.

PickleRick Writeup - TryHackMe 2
Source code of the website

Voila!! we got a username in the source code.

Now let’s further enumerate the directories with the help of gobuster.

Gobuster Scan

PickleRick Writeup - TryHackMe 3

As we can in the result of gobuster that there is a login.php file but let’s first visit the robots.txt file for completing the scanning.

robots.txt

Here we can see a weird string might be some kind of a password for SSH or login.php page. So let’s look at the login page first.

/login.php page
/login.php page
PickleRick Writeup - TryHackMe 4

After filling in the right credentials we got a command panel page now let’s try some basic Linux commands to see if anything works.

Trying ‘ls’ lists out all the files in the directory including ‘Sup3rS3cretPickl3Ingred.txt’

But wait!! We can’t read the file! If we type in ‘cat Sup3rS3cretPickl3Ingred.txt’ we are served with an error

PickleRick Writeup - TryHackMe 5

Now let’s head over to Pentest Monkey’s Reverse Shell Cheatsheet.

I tried bash reverse shell payload but it didn’t work, next up is perl payload.

PickleRick Writeup - TryHackMe 6

This payload WORKED!!! We got the shell using the Perl reverse shell payload.

PickleRick Writeup - TryHackMe 7

We have our first flag, there are 2 more flags in the machine. Let’s read the clue.txt to see if there’s anything which can lead us to flag 2.

The clue states “Look around the file system for the other ingredient.”

I tried finding flags in several directories and finally got the second flag in home directory of the user ‘rick’

PickleRick Writeup - TryHackMe 8

After doing a lot of research I found the 3rd flag in /root directory!

PickleRick Writeup - TryHackMe 9

Personal Conclusion over this room

Personally, I’ve had an amazing time in this room and learned a lot. TryHackMe has tons of other rooms, each different from another which gives a huge learning opportunity as well. I would try to upload writeups of rooms that I found interesting but for now, I hope you also learned something from this writeup. I also have published a writeup for Mr.Robot CTF from Tryhackme if you find this interesting you might find that too.

Sometimes we include links to online retail stores and/or online campaigns. If you click on one and make a purchase we may receive a small commission.

Comments:

Leave a Reply

Your email address will not be published. Required fields are marked *