TryHackMe is an online platform that teaches Cybersecurity through hands-on virtual labs. Whether you are an expert or beginner, learn through a virtual room structure to understand theoretical and practical security elements.
PickleRick is an easy room on TryHackMe for beginners to explore.
You have to first signup to join the room. There are few simple steps that you can follow in the Signup page. Next follow the steps in the Welcome room to configure the VPN connectivity.
I have connected to TryHackMe network using OpenVPN on Kali Linux. Once you connect, the access page will confirm the status by confirming your IP address and status.
The Task is to find three ingredients. Click on Deploy to start the target machine.
Allow few minutes for machine to boot up and all services to start. Once the IP address is displayed, start enumeration using nmap.
The -sV option along with nmap will do a service finger printing as well. Port 22 and Port 80 are open. Explore the webservice using a web browser.
The web page didn't give much of any clue. Check the source code of the web page.
There is a Username revealed. That is in a comment as Note to self.
Robots.txt has some random text. It could be a password. Keep a note of all findings. Use gobuster to enumerate directories.
The gobuster with the help of wordlist common.txt found few pages which we have already checked. Run Nikto to see if there are any vulnerabilities or weak links.
Nikto discovered a login.php page. Explore the page.
It requires credentials to login. Use the Username found in the page source and also the test found in robots.txt as password.
Once logged in we can see a command panel. Check by running few linux commands.
The commands work and the command whoami returned the username as well.
The pwd command revealed present working directory. Start exploring user home directories to find the ingredients required to complete the task.
Looks like we have found a secret ingredient. We can't use many commands like cat or more. since they are all blacklisted. It can be checked from the source of the page. It contains all the blacklisted commands.
We have found the first ingredient by using less command, Validate the same on TryHackMe.
Two more to go.
Check the file clue.txt
The clue was to look around the filesystem. Also check whether the current user has any sudo permissions on the machine.
The sudo -l command revealed that the current user has sudo permission to run all the commands on this machine. Use the sudo to list the contents of each of the home directories.
There are two home directories. rick and ubuntu. Look for the ingredients within those home directories.
We have found another secret ingredient. Validate the same on TryHackMe.
One more to go. Check in the root directory.
The ingredient may be in the file 3rd.txt
Validate the 3rd ingredient on the TryHackMe.
Congratulations!! you have found all the 3 secret ingredients.
An alternate method would be to use commands to generate a reverse shell. This machine has a python running too. You can use python commands to spawn a reverse shell to your terminal with netcat.
Make sure to run netcat on a terminal on attacking machine. And use the python script in pentestmonkey to spawn a reverse shell. In this second method you may get a feel that you have PWNed the machine when compared to the first method.
Hope you try this out. Good Luck!!
I hope this write-up was informative for you. Please leave a feedback. Thank you
-Srivathsa Dhanvantri
Comments