TryHackMe CTF (Pickle Rick)
By: Nicholas Werner
Starting off with an nmap scan.
Here is the web page at 10.10.121.86
I right-clicked, inspected source code and found the username: R1ckRul3s
Ran DirBuster.
Found some interesting files and directories.
I found a possible password on /robots.txt
Username: R1ckRul3s
Password: Wubbalubbadubdub
The login was successful!
ls allows me to see what files are in my current directory.
When I typed both of these commands below I got the same error page.
cat Sup3rS3cretPickl3Ingred.txt
cat clue.txt
When I type the command below into the Command Panel I am able to find the first ingredient when I scroll through the page.
grep -R . recursively prints every non-empty line of every file under the current directory
I then inspect the page source to find a base64 string.
I put it into the decoder and realize that I need to keep decoding until I get plaintext.
I ended up getting the text “rabbit hole” so I have hit a dead end with this.
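The repeated decoding described above can be scripted instead of pasted into a decoder by hand. This is an added example, not part of the original write-up; the function names and the 7-layer sample are constructed for illustration, since the page does not give the original string or its layer count.

```python
import base64
import binascii
import string

PRINTABLE = set(string.printable.encode())


def peel_base64(blob: str, max_layers: int = 20):
    """Strip nested base64 layers; return (text, layers_removed).

    Stops when the current value is not strict base64, or when decoding
    it would yield non-printable bytes (i.e. it was already plaintext
    that merely happened to use the base64 alphabet).
    """
    current = blob.strip()
    layers = 0
    while layers < max_layers:
        # Tolerate line-wrapped input, but nothing else outside the alphabet.
        compact = current.replace("\n", "").replace("\r", "")
        try:
            decoded = base64.b64decode(compact, validate=True)
        except (binascii.Error, ValueError):
            break  # not base64 (bad character or padding): treat as plaintext
        if not decoded or any(b not in PRINTABLE for b in decoded):
            break  # decodes to binary noise: the current value is the plaintext
        current = decoded.decode("ascii")
        layers += 1
    return current, layers


def make_sample(text: str, layers: int) -> str:
    """Build a constructed test string by encoding `text` `layers` times."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()


if __name__ == "__main__":
    sample = make_sample("rabbit hole", 7)  # constructed, not the CTF's string
    text, count = peel_base64(sample)
    print(f"{count} layers -> {text!r}")
```

The printable-bytes check is what keeps a short word such as "root", which is itself valid base64, from being decoded one layer too far.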
I then think that perhaps putting a script into the Command Panel could get me a reverse shell and the other 2 ingredients so I go to the pentestmonkey reverse shell cheat sheet.
I want to use the Python reverse shell.
Copy and paste the shell into the Command Panel.
Change the IP address to your tun0 and change the port to 4444 and change Python to Python3.
Start a netcat listener on the port that you assigned to your script.
Press Execute on the Command Panel and now we have a reverse shell.
ls shows that we are in the same directory as before so we type cd /home to change into the /home directory.
ls
cd rick
cat "second ingredients"
Looks like we found the second ingredient!
Finally, we want to get root access.
sudo su
id shows that we are now root
cd /root to get to the /root directory
ls
cat 3rd.txt
We found the final ingredient!