Hello. I’m Sloane. I’m going to do Pickle Rick room from tryhackme.com. This room is created by tryhackme. Lets go!
Our goal is to exploit a webserver and find 3 ingredients to help Rick.
I’ll start running rustscan tool to find open ports, vulnerabilities, etc.
As we see above there are 2 open ports. 22 and 80. I’ll browse the ip address.
I’ll check the page source code.
I found a username on the page source code.
Next step is to run gobuster to find directories and files.
Well, it has already found some useful pages. I’ll check them on the browser.
We have a login page. This is awesome. Lets see what we can do here. Firstly, I’ll check the page source code.
As we see nothing is useful here. I want to check the other pages as well.
I found a text in the robots.txt page. Lets figure out what is it for.
I used it as a password and it was a successful login.
After I login, there was a command panel.
From here, I’m thinking about using a code and exploit it. I’ll start my netcat listener then I’ll create a reverse shell. I’ll put my reverse shell to the command panel. I’ll run and execute it.
I used this website to create a shell https://www.revshells.com/. I tried different shells until one of them works.
And finally one of them worked!
I’ll stabilize my shell.
I’ll enumerate the machine.
It seems I found one of the ingredients.
I read the clue.txt file.
And then I found the second ingredient.
For the 3rd ingredient I wanted to check the root directory. But the permission denied. I needed to escalate my priviliges. I run this command sudo -l. It seems I can be root without a password because it says ALL. No password needed for any user for any command which I’m guessing. So I did run the command sudo su. It gave me root privileges. And I found the last ingredient.
Thank you for reading!
