TryHackMe “Picke Rick” Challenge Write-up
Hello,
This is how i solved TryHackMe’s “Picke Rick” Challenge.
Enjoy.
To start with, I deployed the Attack The Box machine and entered the web application we are supposed to exploit.
First of all, i checked the page source in order to search for any clues, and what do you know? We found a username!
Following this, since we are working with a web server, i decided to run a “gobuster” scan in order to check out further URL’s in the server.
Which gave me a few results
Peeking into /robots.txt, I came upon what looked like gibberish, and noted it aside.
Given that there is a username to enter, I figured there should be a login page. After trying to add /login.php at the end of the URL, I found the login page.
Trying the username I found and the text I found in /robots.txt as the password, BOOM, it worked and I am now logged in.
It looks like the portal contains a CLI, trying to check what files are in the current folder, I came upon the first ingredient and a clue.
Since it is not possible to use “cat” to view the files, I simply pasted the file names at the end of the URL.
First Ingredient: mr. meeseek hair
As the clue indicates, we need to look into the file system.
Lets try using “ls /home” to check which accounts exist on the server.
What do you know, if its not rick’s account. Lets check further into it.
Here we have it, the second ingredient out of three needed to solve the CTF.
Since it is not possible to use “cat”, we will try using “strings” command to view what the file contains.
Second ingredient: 1 jerry tear
Now, we have no further clues as of where the final ingredient is located.
After trying several different methods, I figured we might find the third ingredient in a higher privilege folder.
I used “sudo -l” to check if i have sudo permissions.
And i do, so lets look into the root folder on the server.
Here we go! third and final ingredient located. I used the same “strings” method in order to read it.
Third ingredient: fleeb juice
Thank you for reading.