Pickle Rick

Hi Techies,

In this article we will see about Pickle Rick machine on TryHackMe. This is a beginner level machine.

Deploy the virtual machine on this task and explore the web application.

Deployed

Once, the machine is deployed connect it to VPN & check the connectivity

Checking Connectivity

Enumeration / Reconnaissance

We will check for the open ports of the vulnerable machine

Enumeration

Port 80 & port 22 is open

In-order to get more information, will go with gobuster.

#gobuster dir — url http://10.10.119.63/ — wordlist /usr/share/wordlists/dirb/common.txt

Gobuster

Since, port 80 is open, we will check with the web server.

In the web browser we can see an image, where we can’t find any useful information.

Web server

We will check with the page-source of the web server

By checking the page-source, we found the username is R1ckRul3s

Page-source

As we got some information from gobuster we will try with each file

In robots.txt, we got a password

robots.txt

/assests

After checking all files, there is no hint.

So, i did gobuster again in-order to find any other files using php

##gobuster dir — url http://10.10.119.63/ — wordlist /usr/share/wordlists/dirb/common.txt -x php

gobuster

Here i got more files & directories

Here, i visited denied.php file, it re-directed to the login.php page

As we already got the credentials, we will login .

login.php

1. What is the first ingredient Rick needs?

Here, the portal.php page open with command panel to execute

portal.php

In-order to find the list of files

#ls

Here we got “Sup3rS3cretPickl3Ingred.txt”

first ingredient hint

In-order to find the text file, Copy & paste it in url

We will get the first ingredient

First ingredient

2. Whats the second ingredient Rick needs?

Check for the home directory

#ls /home

Second ingredient

We got two files, Let’s check for rick

It contains the second ingredients

#ls /home/rick

Second ingredient

To Know the ingredient

#less /home/rick/”second ingredients” & execute

Second ingredient

3. Whats the final ingredient Rick needs?

We always know, that final flag will be of Privilege Escalation.

There is another file in the home directory. Let’s check it

Third ingredient

#ls -la /home/ubuntu

To escalate it

#sudo -l

We get to know we can run all the files without password

Privilege escalation

So, directly we are login in with root

#sudo ls /root

Here, we got something like 3rd.txt

Third ingredient hint

To find the 3rd ingredient

#sudo less /home/root/3rd.txt

Third ingredient

We found all the flags

We cracked the box of Pickle Rick.

I hope this box is very fun & interesting to crack it.

Thank You!!!