Try-hack-me

PICKLE-RICK : Walkthrough

Today I completed another room on TryHackMe with a Rick and Morty theme to it! Let's go and complete the room Pickle Rick from TryHackMe!

Scanning & Enumeration

A good rule of thumb is to start by scanning your machine for any open ports.

 #nmap -T4 -sC -sV -A -p- <target IP>


Enumerating Services

Port 22- ssh
Here we can see that the SSH port is open. SSH is not much use to us unless we have found some credentials, so we will leave it alone for now.

Port 80- http
It's here that we find a web service. Let's see if there is anything interesting.


This webpage comes up on port 80. There’s no useful data in here.
But what if we check the page source?
Checking out the source code of a page can reveal all sorts of things. 

Great, it looks like we have found a username!!!
Most websites will have a robots.txt file that tells web crawlers what they are and aren't allowed to index. So let's see if there is one for this site.
Success! It seems that there is a robots.txt for this site, and in that file is a very obvious reference to the show Rick and Morty! Let's try this and see if it is our password.
 
 <target IP>/robots.txt  

Bingo ..!!! Here's the password....

Finding hidden directories

We are going to be using gobuster to try and locate any directories that may have been hidden from us.

#gobuster dir -u http://<target IP> -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,sh,html


It looks like GoBuster was able to find a few directories for us.
Let's check out the login.php

YES! The credentials we found let us log in, and we were redirected to the command panel.


Now, since this page is called the command panel, let's try entering a command and see what happens.
If we enter the #ls command we can see that some results are returned. The listing shows that we have also found our first ingredient, Sup3rS3cretPickl3Ingred.txt. Let's open the file at this URL:

<IP>/Sup3rS3cretPickl3Ingred.txt

And here we got our first ingredient. One down two to go!

Let's go back to our command portal and use the ls command again. We see that there is a file called clue.txt; on opening it we get the message "Look around the file system for the other ingredient."

So let's go to the command portal and use #ls /home.
This will list everything in the /home directory, and look, there is a directory called rick. Let's keep digging and use #ls /home/rick; within the rick directory we have a file called second ingredients.

When we tried to retrieve this file using the cat command, we got an error telling us that the command has been disabled.
As an alternative, after searching on Google we found out about the less command. Let's use this and see if we can retrieve our second ingredient.

# less '/home/rick/second ingredients' 


And Mission accomplished, we got the second ingredient.

Now that we know the less command will work for us we just need to track down the third and final ingredient.
Let's see if we are able to use ls to get into the /root directory. It seems that we are not able to view anything in /root. Let's check if we are able to use sudo to elevate our user privileges.

#sudo -l


Here we can see that we are able to combine sudo with any command and not get prompted for a password. This may be just what we need in order to see what is in the /root directory. We will just need to combine sudo and ls to see what is in that directory.

 #sudo ls /root


Now that we have found the location of the third ingredient, we are going to use the less command to read its contents. Remember that since the file is in the /root directory, we will need to add sudo to the front of our command.

#sudo less /root/3rd.txt


And here we go for our final ingredient...!!!
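
The passwordless sudo grant that #sudo -l revealed above is the kind of rule a defender would want to catch on their own hosts. The script below is an added example, not part of the original walkthrough: it scans sudoers-format text for rules that give NOPASSWD access to ALL commands. The sample policy and the account names www-data and deploy are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag sudoers rules that let an
# account run every command without a password.

# Constructed sample policy; www-data and deploy are assumed account names.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not taken from the room
Defaults env_reset
root      ALL=(ALL:ALL) ALL
%admin    ALL=(ALL) ALL
www-data  ALL=(ALL) NOPASSWD: ALL
backup    ALL=(root) NOPASSWD: /usr/bin/rsync, \
                     /usr/bin/tar
deploy    ALL = (ALL) NOPASSWD:ALL
EOF
}

# Reads sudoers-format text on stdin, prints the principal of each risky rule.
# Simplification: aliases and multi-host rules (":" separated) are not expanded.
audit_sudoers() {
  awk '
    # Join backslash-continued lines into one logical rule.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip blanks, comments, includes, Defaults and alias definitions.
    line ~ /^[ \t]*$/ { next }
    line ~ /^[ \t]*(#|@include|Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    index(line, "=") == 0 { next }
    {
      split(line, f, " "); who = f[1]
      spec = substr(line, index(line, "=") + 1)
      gsub(/\([^)]*\)/, "", spec)            # drop the Runas list
      n = split(spec, cmd, ","); nopw = 0
      for (i = 1; i <= n; i++) {
        c = cmd[i]; sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
        # Tags are sticky: NOPASSWD applies until a later PASSWD tag.
        while (match(c, /^[A-Z_]+:[ \t]*/)) {
          tag = substr(c, 1, RLENGTH); c = substr(c, RLENGTH + 1)
          if (tag ~ /^NOPASSWD:/) nopw = 1
          if (tag ~ /^PASSWD:/) nopw = 0
        }
        if (nopw && c == "ALL") { print who; break }
      }
    }
  '
}

sample_sudoers | audit_sudoers   # run the audit on the constructed sample
```

On a real host, pipe the contents of /etc/sudoers and the files under /etc/sudoers.d into audit_sudoers as root; any service account it prints should be restricted to the specific commands it needs.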





Thank you very much for reading. I hope you find this blog useful.

!!!!Happy Hacking!!!!


