TryHackMe: Pickle Rick Walkthrough
Deploy the machine and start with basic enumeration part using the tool nmap. The command used is: nmap -sSV -Pn MACHINE_IP
We found two open ports that are 22 and 80.
We have nothing to do with ssh service right now. So, go to the browser and open the web page. Hmmmm!!! But we didn’t find anything interesting here.
View the page sources of the web page. A username is commented here. Make a note of it for future use.
Lets go for the directory search using the tool gobuster.
The command used is: gobuster dir -u MACHINE_IP --wordlist /usr/share/wordlists/dirb/common.txt
We found /robots.txt on performing directory search. /robots.txt is always our friend. Browse to MACHINE_IP/robots.txt
And here we got our password. Now let us figure out where to use this username and password. While doing nmap scan we found that port 22 is open and ssh service is running on it. May be we can use the found credentials there. Lets check….
Using command: ssh username@MACHINE_IP to connect to ssh service.
OOPS!!! permission denied. Now what???
Lets perform directory search again using another wordlist. May be we can get some login page or something.
Yesss!!! We got it right. There exists a login.php page.
Browse to MACHINE_IP/login.php. Enter the credentials.
And we are successfully logged in. It is a command panel on which we can execute linux commands.
Start with executing most basic command that is ls to list out the files and folders present in the directory currently we are in.
We got some .txt files, .php files, etc. Out of these files one is our first ingredient.
Browse to MACHINE_IP/filename to get the ingredient.
Our next step would be reading the content of clue.txt. May be this file can give us an idea to proceed further to get next ingredient.
Browse to MACHINE_IP/clue.txt
Clue is: “Look around the file system for the other ingredient”. It means that we have to look into different directory may be.
We have so many directories in linux file system. We can start searching from the home directory. Home directory contains different directory for different users of the system. We found two users.
Lets go to the user rick’s directory. Here we found the files of second ingredient.
Lets read the content of the file using cat command. But this command is disabled.
Let us find out an alternative for cat command. less command can also be used to read the contents of files in linux. Try using less. It worked. Take the second ingredient.
Now for the third ingredient we can try and check in the root directory. We cannot use command ls /root. Lets find out if we are able to use sudo to elevate our user privileges.
Using command sudo -l.
We can use sudo with any command to elevate our privileges. So, try using command: sudo ls /root. Here we got the text file for the third ingredient.
Try using cat command but it is again disabled.
Using less we got the third ingredient.
Congratulations!!! for successfully completing the room.
Thank you:-)
