CTF: Pickle Rick
I recently completed the Pickle Rick CTF on TryHackMe. Below is my write-up and lessons learned. I have been enjoying TryHackMe over the last month for several reasons. I find that the rooms, modules, CTFs, etc. are well laid out. I also enjoy that when doing a CTF, I have the ability to watch a video of the CTF. Also, after completion I will look at the several write-ups TryHackMe has posted on that CTF and learn how others solved it to get the flags.
Ping, Ports, Nmap
I started the challenge by pinging the IP (ping 10.10.169.229). After that I utilized Nmap to understand what ports and services were open. Below is the output I received from the following command: nmap -sV -O 10.10.169.229.
- Port 22 — SSH — 4ubuntu2.6
- Port 80- HTTP — Apache http 2.4.18
Port 80 tells me that the Apache server is most likely running a website. I typed the following address (10.10.169.229:80) into Firefox. The website stated that Rick has turned into a pickle and needs Morty to log on to his computer because Rick forgot the password! If Morty can find the ingredients (flags) Rick will be able to create a potion to turn himself human again!
As everyone knows, right clicking on a webpage and clicking “View Page Source” makes you a master hacker (talking about you Missouri). I did this and saw a username that is most likely associated with Rick, “R1ckRul3s”. Before moving on to trying to find directories I tried the web server IP plus /dev and /directories at the end; I found nothing.
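From the defender's side, the finding above is something a pre-deployment check can catch. The following is an added example, not part of the original write-up or the CTF: it assumes the username sat in an HTML comment, and the keyword list, function names and sample page are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list; tune it for your own code base.
SENSITIVE = re.compile(
    r"\b(user(name)?|login|pass(word|wd)?|secret|token|api[_-]?key)\b\s*[:=]",
    re.I,
)


class CommentAuditor(HTMLParser):
    """Collects HTML comments that look like they carry credentials."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        if SENSITIVE.search(data):
            # getpos() is (line, column) of the comment's opening "<!--".
            line, _ = self.getpos()
            # Collapse whitespace so multi-line notes print on one line.
            self.findings.append((line, " ".join(data.split())))


def audit_html(markup):
    """Return [(line_number, comment_text)] for every suspicious comment."""
    auditor = CommentAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample page (not the CTF's actual markup).
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head><title>Lab portal</title></head>
<body>
  <!-- layout: two-column -->
  <h1>Help wanted</h1>
  <!--
    Note to self, remember login!
    Username: example_user
  -->
</body>
</html>
"""

if __name__ == "__main__":
    for line, text in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {text}")
```

Run over every template or rendered page in a build pipeline, a non-empty result is a reason to fail the build and strip the comment before it is served.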
Directories
From doing several CTFs, I have learned that there are usually hidden directories (even I hide directories on my own computer). I started my scan for directories by using DIRB. The following command was used: dirb http://10.10.169.229.
DIRB found several directories. I was most interested in the text file. I typed the following into Firefox: 10.10.169.229/robots.txt. Below is what I received from the text file. The output was not a flag, but it was worth noting as it might be useful shortly.
Web Server Vulnerabilities
My next step in finding the second ingredient (flag) was to check the web server for vulnerabilities. I utilized Nikto to find the login portal. By utilizing the command nikto -h 10.10.169.229, I was able to find the login portal.
Login & Linux Commands
After finding the login page, I went to the following website: 10.10.169.229/login.php. I was able to use the username found earlier and tried the Wubbalubbadubdub phrase I found as the password. I was able to successfully log in and I was greeted with the following screen.
I wasn’t sure what I was looking at, but I tried the “ls” command from my knowledge of Linux. That allowed me to find a text file that was most likely the first ingredient (flag). Below are results I received from typing the IP and text file name into Firefox.
From here I went back to the command panel page. From my experience with Linux I know there is typically a /home directory. The find /home command typed into the Commands line gave the following output.
The following command is how I received the second ingredient: less "/home/rick/second ingredients". Output from that command is below.
To find the last ingredient I figured there has to be a root user. The find /root command did output the root user. I tried the following command: ls -la /root, but I was being denied access. I was confused for a few moments, but realized I needed the sudo prefix. The command sudo ls -la /root was able to get me the following output.
Using the less command I was able to find the third and final ingredient. Below is that output.
Lessons Learned
Overall, I felt more comfortable in this CTF. I feel I am starting to understand commands and tools better. This challenge helped me grow my Linux command knowledge (less, find, /root, /home). Overall, I have been enjoying CTFs more because they are helping me learn more technical skills I want to develop.
Thanks for reading. Cheers!