Pickle Rick[THM]: Writeup

A write up covering steps taken to solve Beginner level CTF : Pickle Rick room in TryHackMe platform.

This blog is written as part of task of Masters Certification in Red Team Program from HackerU.

Step 1 : Connect to TryHackMe and start target machine.

1. Download OpenVPN configuration setting from TryHackMe platform
2. Connect to TryHackMe by running the command in kali terminal:

sudo openvpn /pathtoOVPNfile.ovpn

3. Start machine in ‘Pickle rick’ room — target ip address will be displayed in a minute.

https://tryhackme.com/room/picklerick

Step 2 : Information gathering using Nmap

1. Start nmap scan of the target ip:

nmap -A -O <target ip>

nmap output

Step 3: Detailed Findings

Open Ports:

22 : ssh

80 : http

1. Accessing port 80

2. View source code > found user name

3. View robots.txt > found a hint

4. Checking dirbuster to find directories and files >Found login.php and portal.php

Output of dirbuster

5. Navigating to login.php, login page is displayed

6. Logging in with found username from source code and password as hint found in robots.txt

Found command execution field

7. Run commands to check contains

ls

8. View details of listed files > found 1 flag >Sup3rS3cretPick3Ingred.txt

Tried reading the content of the file using cat, head, tail, more all were disabled, found less command working.

less Sup3rS3cretPickl3Ingred.txt

9. Searching all files with name ingredient

find / — iname ingredients

Path to 2nd flag

10. Display content from second ingredients.

less /home/rick/’second ingredients’

found 2nd flag

11. While searching the second file, found root folder using sudo.

sudo ls /root

12. Reading ‘3rd.txt’ data

sudo less /root/3rd.txt

found 3rd flag

With these steps, I was able to find all flags required to complete Pickle rick room on TryHackMe.

Thank you for reading this blog..