Pickle Rick
Rick and Morty themed VM with a web server.
Last updated
Rick and Morty themed VM with a web server.
Last updated
This room can be found .
First, we launch an nmap scan.
We can see that ports 22 & 80 are open, let's checkout port 80 first.
This seems to be the home page, let's check the source of the page. Sure enough, there is something interesting here, a username:
Since this is a web server, let's enumerate the pages on this. I'll use dirsearch for this but gobuster can also be used.
It seems we have a login page, but let's check the robots.txt file. In this file we only have the text "Wubbalubbadubdub". Maybe this is the password for the login page. Let's check it out now.
Let's try the username we got on the home page and the "Wubbalubbadubdub" string we got on the robots.txt file.
Sure enough, we are in!
It seems we have a command panel where we can input commands. Let's try a simple ls first.
It seems we have our first flag! Let's cat it so we get the content.
Let's try some other commands, see what we can do. First let's find out who we are by running whoami.
Now let's see if we can do anything as sudo by running sudo -l.
On my Kali machine, I'll launch ncat with nc -nlvp 4444. Then we can initiate the shell by typing sudo bash hello.sh into the command panel.
And so we have a root shell!
Now let's search for the remaining flags. Let's check the /home directory first.
We can check Rick's home folder if there is anything interesting.
Something tells me the third flag is in the /root directory, so let's check it out.
We can see that the cat command is disabled, but we can easily work around this by using another command, such as less. First down, two to go.
Okay! we can pretty much do anything, which means we can launch a reverse shell with root! Let's create the reverse shell and add execution privileges first (). I'll type these commands into the command panel:
Second flag done!
And there we go! We have all the flags
