Pickle Rick CTF from tryhackme.com

Today I decided to write my first cybersecurity blog here in medium. I picked Pickle Rick CTF from tryhackme.com. It is an easy and fun challenge. Tryhackme is an awesome site for learning and teaching cybersecurity. You can check their website tryhackme.com for details.

This challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

1. Let start off by scanning via nmap:

• the result shows that port 80 (HTTP) and 22 (ssh)
• since this is a web server exploit challenge we can start or focus via port 80

2. We can look around the web page and look for something interesting.

• checking the Page Source shows the below Username which we can use later.

3. Enumerated directory using dirb and dirbuster and found — assets, robots.txt and portal.php

dirb:

dirbuster:

• examined each directory:
• /robots.txt. Hmmm, it's interesting, looks like a password???

• /assets. Bunch of images that can be examined as well.

4. Gaining Access

• /portal.ph. It redirected me to /login.php. Now I can try the Username I saw — R1ckRul3s and the password could be Wubbalubbadubdub

• login successful. And now I’m log in. We can tell it’s an RCE exploit.

• Let us execute simple list command (ls -lha)

• then we can cat or less these files. One stand out is Sup3rS3cretPickl3Ingred

• this definitely one of the ingredients (flag). 1 Point.
• then I created a script which is available online and uploaded to the target system, made it executable to establish a reverse shell to easily look around the system.

• executed the command and gained access.

• with my reverse shell I have the ability to look around the system. I found the second ingredients from /home/rick directory as shown below.

• looks like use www-data have sudo privilege:

• I’ve also checked the other user's home directory /home/ubuntu. Less the hidden file .bash_history and found the 3rd ingredients. SOLVED!!