Step 1 : Connect to TryHackMe and start target machine.
- Download OpenVPN configuration setting from TryHackMe platform
- Connect to TryHackMe by running the command in kali terminal:
sudo openvpn /pathtoOVPNfile.ovpn
3. Start machine in ‘Pickle rick’ room — target ip address will be displayed in a minute.
https://tryhackme.com/room/picklerick
Step 2 : Information gathering using Nmap
- Start nmap scan of the target ip:
nmap -A -O <target ip>
Step 3: Detailed Findings
Open Ports:
22 : ssh
80 : http
- Accessing port 80
2. View source code > found user name
3. View robots.txt > found a hint
4. Checking dirbuster to find directories and files >Found login.php and portal.php
5. Navigating to login.php, login page is displayed
6. Logging in with found username from source code and password as hint found in robots.txt
Found command execution field
7. Run commands to check contains
ls
8. View details of listed files > found 1 flag >Sup3rS3cretPick3Ingred.txt
Tried reading the content of the file using cat, head, tail, more all were disabled, found less command working.
less Sup3rS3cretPickl3Ingred.txt
9. Searching all files with name ingredient
find / — iname ingredients
10. Display content from second ingredients.
less /home/rick/’second ingredients’
11. While searching the second file, found root folder using sudo.
sudo ls /root
12. Reading ‘3rd.txt’ data
sudo less /root/3rd.txt
With these steps, I was able to find all flags required to complete Pickle rick room on TryHackMe.
Thank you for reading this blog..