This post is a walkthrough of the PickleRick which is a Rick and Morty themed Tryhackme room. The goal is to find three hidden flags.
Let’s get started by deploying the machine. Now, after deploying the machine, start with a basic Nmap scan and see which ports and services are open and running on the particular IP address.
By the Nmap output, we can clearly deduce that there are 2 open ports one is 80 which indicates that there is a website up and running so let us take a look at the website.
As we can see that in the webpage there is no useful data which might come handy so let’s visit the source code of the website we might find some useful data there.
Voila!! we got a username in the source code.
Now let’s further enumerate the directories with the help of gobuster.
As we can in the result of gobuster that there is a login.php file but let’s first visit the robots.txt file for completing the scanning.
Here we can see a weird string might be some kind of a password for SSH or login.php page. So let’s look at the login page first.
After filling in the right credentials we got a command panel page now let’s try some basic Linux commands to see if anything works.
Trying ‘ls’ lists out all the files in the directory including ‘Sup3rS3cretPickl3Ingred.txt’
But wait!! We can’t read the file! If we type in ‘cat Sup3rS3cretPickl3Ingred.txt’ we are served with an error
Now let’s head over to Pentest Monkey’s Reverse Shell Cheatsheet.
I tried bash reverse shell payload but it didn’t work, next up is perl payload.
This payload WORKED!!! We got the shell using the Perl reverse shell payload.
We have our first flag, there are 2 more flags in the machine. Let’s read the clue.txt to see if there’s anything which can lead us to flag 2.
The clue states “Look around the file system for the other ingredient.”
I tried finding flags in several directories and finally got the second flag in home directory of the user ‘rick’
After doing a lot of research I found the 3rd flag in /root directory!
Personal Conclusion over this room
Personally, I’ve had an amazing time in this room and learned a lot. TryHackMe has tons of other rooms, each different from another which gives a huge learning opportunity as well. I would try to upload writeups of rooms that I found interesting but for now, I hope you also learned something from this writeup. I also have published a writeup for Mr.Robot CTF from Tryhackme if you find this interesting you might find that too.