hacktricks/ctf-write-ups/try-hack-me/pickle-rick.md
carlospolop f0e09e3f54 social
2023-03-06 00:16:20 +01:00


Pickle Rick


HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥

This machine was categorised as easy and it was pretty easy.

Enumeration

I started enumerating the machine using my tool Legion:

As you can see, 2 ports are open: 80 (HTTP) and 22 (SSH)

So, I launched legion to enumerate the HTTP service:

Note that in the image you can see that robots.txt contains the string Wubbalubbadubdub

After some seconds I reviewed what dirsearch had already discovered:

And as you may see in the last image a login page was discovered.

Checking the source code of the root page, a username is discovered: R1ckRul3s

Therefore, you can log in on the login page using the credentials R1ckRul3s:Wubbalubbadubdub

User

Using those credentials you will access a portal where you can execute commands:

Some commands like cat aren't allowed but you can read the first ingredient (flag) using for example grep:

Then I used:

To obtain a reverse shell:

The second ingredient can be found in /home/rick
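
The portal's command filter described above behaves like a denylist, which is why grep still works when cat is refused. The following is an added example, not code from this write-up or from the room: it models that filter beside an allowlist of fixed actions, and the denylist contents, action names and log directory are assumptions.

```python
import re

# Constructed model of the portal's filter: the page only says `cat` is blocked,
# the other names are assumed for illustration.
DENYLIST = {"cat", "head", "tail", "more", "less"}

def denylist_allows(command):
    """Weak control: refuse only when the first word is a listed name."""
    words = command.split()
    return bool(words) and words[0] not in DENYLIST

# Hardened form: the client picks an action by name and never supplies a command line.
# Action names, argv templates and the log directory are hypothetical.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}\.log")
ACTIONS = {
    "uptime": (["uptime"], False),
    "disk": (["df", "-h", "/"], False),
    "show_log": (["tail", "-n", "50", "--"], True),  # takes one validated file name
}

def resolve_action(name, arg=None):
    """Return a fixed argv list for subprocess.run(argv, shell=False), or raise ValueError."""
    if name not in ACTIONS:
        raise ValueError(f"unknown action: {name!r}")
    argv, takes_arg = ACTIONS[name]
    if not takes_arg:
        if arg is not None:
            raise ValueError("action takes no argument")
        return list(argv)
    if arg is None or not SAFE_NAME.fullmatch(arg):
        raise ValueError("argument must be a plain *.log file name")
    return list(argv) + ["/var/log/portal/" + arg]

def audit(requests):
    """Per request line: (line, passes denylist, passes allowlist)."""
    rows = []
    for line in requests:
        name, _, arg = line.partition(" ")
        try:
            resolve_action(name, arg or None)
            allowed = True
        except ValueError:
            allowed = False
        rows.append((line, denylist_allows(line), allowed))
    return rows

# Constructed sample input; the grep case is the one the write-up relies on.
SAMPLE = ["cat notes.txt", "grep . notes.txt", "uptime",
          "show_log access.log", "show_log ../../etc/passwd"]
```

Running `audit(SAMPLE)` shows the denylist passing every line except the `cat` one, while the allowlist accepts only `uptime` and the well-formed `show_log` request.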

Root

The user www-data can execute anything as sudo:
