TryHackMe Room: https://tryhackme.com/room/picklerick
Aim: Exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.
Difficulty Level: Easy
Connect to the TryHackMe network using OpenVPN:
sudo openvpn /path/to/username.ovpn
First, I open the provided URL (it appears on the picklerick room page) in Firefox. The page we get:

There is nothing useful directly on the page. Another thing we can do is view the source code of the page. We get a username for some login page:

The next thing we should do is get a password and a login URL. For this we can use “gobuster” on the entire domain:
gobuster dir -u victim_IP -w /path/to/wordlist/common.txt -t 200 -x .php -q
gobuster dir -u victim_IP -w /path/to/wordlist/common.txt -t 200 -q

We get some interesting results here. Going to /robots.txt, we get a piece of text:

We also have a /login.php page.

Upon trying the username we got earlier with this catchphrase as the password, we are successfully logged in. We have a command panel, on which running ls -la gives us:

cat Sup3rS3cretPickl3Ingred.txt

Hmm, the cat command has been disabled. What we can do is look for an alternative to cat: we have “head”, “tail”, “less” and maybe more. Upon trying head and tail, it seems they have been disabled too, but less works 🙂, and we get the 1st ingredient:
less Sup3rS3cretPickl3Ingred.txt
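
Why blocking cat, head and tail did not protect the file, shown as an added example (not the room's code, which the write-up never sees): a denylist modelled on the observed behaviour is compared with a deny-by-default allowlist over the commands tried above. The function names, the constructed sample list and the assumption that the panel only needs to list a directory are all hypothetical.

```python
import shlex

# Constructed model of the filter the write-up ran into: cat, head and tail
# were refused, less was not. The room's real server-side code is not shown.
DENYLIST = {"cat", "head", "tail"}

def denylist_permits(command: str) -> bool:
    """Weak policy: allow anything whose first word is not on the denylist."""
    words = command.split()
    return bool(words) and words[0] not in DENYLIST

# Hardened policy (assumption: the panel only needs to list a directory).
# Each permitted program maps to the exact flags it may receive.
ALLOWLIST = {"ls": {"-l", "-a", "-la", "-al"}}

def allowlist_argv(command: str):
    """Return an argv list for subprocess.run(argv) without a shell, or None."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes and similar parse failures
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None
    # Deny by default: every argument must be a known flag, so paths,
    # extra programs and shell metacharacters are all rejected.
    if any(arg not in ALLOWLIST[argv[0]] for arg in argv[1:]):
        return None
    return argv

# Constructed inputs: the commands tried in the write-up.
SAMPLES = [
    "ls -la",
    "cat Sup3rS3cretPickl3Ingred.txt",
    "head Sup3rS3cretPickl3Ingred.txt",
    "tail Sup3rS3cretPickl3Ingred.txt",
    "less Sup3rS3cretPickl3Ingred.txt",
    "less clue.txt",
]

def compare(samples=SAMPLES):
    """Return (command, denylist verdict, allowlist verdict) per sample."""
    return [(c, denylist_permits(c), allowlist_argv(c) is not None)
            for c in samples]

if __name__ == "__main__":
    for cmd, weak, strong in compare():
        print(f"{cmd!r:40} denylist={'allow' if weak else 'block'} "
              f"allowlist={'allow' if strong else 'block'}")
```

The denylist passes both less commands because it only knows the names it was told about, while the allowlist rejects them without ever having heard of less.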

For the next clue, we do the same with the clue.txt file:
less clue.txt

So, we have to explore the filesystem to get more ingredients:

We have 2 directories worth exploring, “/home” and “/root”. Let's go to “/home” first:



We have found our 2nd ingredient. Now let’s go to /root to see if we can find something of value there:



It’s time to make the potion to transform Rick back into a human from a pickle.

