Pickle Rick
Room Link: https://tryhackme.com/room/picklerick
Scanning
Initial Scan
nmap -A $VICTIM

Scan all ports
nmap -sV -sT -O -p 1-65535 $VICTIM
No other ports found.
HTTP port 80
dirb http://$VICTIM:80 /usr/share/wordlists/dirb/big.txt

Found Rick's username in the page source of the main page.

robots.txt just had this; it could be a password.

Ran the same dirb scan again, except looking for .php files, and was able to find some pages.
dirb http://$VICTIM:80 /usr/share/wordlists/dirb/big.txt -X .php

Website: http://$VICTIM/login.php
Username: R1ckRul3s
Password: Wubbalubbadubdub

Login worked

First ingredient found. Also tried doing a reverse shell with netcat, but it was not working.

Clue to look around.

Second ingredient found

www-data can actually run any command with sudo without entering a password.
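
An audit for the misconfiguration noted above (www-data running any command through sudo with no password), as an added example that is not part of the original writeup. The sudoers lines are constructed sample data, the function names are hypothetical, and line continuations and included files are not handled.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant passwordless sudo for ALL commands.

# audit_sudoers FILE -> prints "principal<TAB>rule" for each risky rule.
audit_sudoers() {
    awk '
        # Skip blank lines, comments, Defaults and alias definitions.
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
        {
            # A user spec is "who host = (runas) tags: commands".
            eq = index($0, "=")
            if (eq == 0) next
            spec = substr($0, eq + 1)
            # Risky only when NOPASSWD: is applied to the ALL command,
            # not when it is scoped to a specific binary.
            if (spec ~ /NOPASSWD:[ \t]*ALL([ \t]*,|[ \t]*$)/)
                printf "%s\t%s\n", $1, $0
        }
    ' "$1"
}

# write_sample FILE -> writes constructed sudoers content for the demo.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the target machine
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
deploy ALL = (ALL) NOPASSWD:ALL
EOF
}

# Demo run: list every principal that can become root without a password.
sample=$(mktemp)
write_sample "$sample"
audit_sudoers "$sample"
rm -f "$sample"
```

A web service account such as www-data should not appear in this output; if it needs elevated rights at all, scope the rule to one specific command.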

The last ingredient is found in the root directory.

SSH port 22
Tried logging in with the username and potential password we found, but SSH fails right away, before entering a password.
ssh R1ckRul3s@$VICTIM
Username: R1ckRul3s
Password: Wubbalubbadubdub
