Pickle Rick | Try Hack Me | CTF Write Up

About the Challenge

Pickle Rick CTF Room Link: https://tryhackme.com/room/picklerick

We need to help Rick make his potion and transform him from a pickle back into a human by finding three ingredients.
Basically, we need to exploit a web server in this Rick and Morty themed challenge.

You can also refer to my Try Hack Me Pickle Rick CTF Video Walkthrough Here.

Let's get started with the challenge by deploying the machine.

Now, open the browser and paste the IP address of the target machine into the address bar to access the web application. Observe the website and note down anything that you feel is important.

Enumeration

If you don’t know what to look for first, I would recommend checking robots.txt.

Found a Random Text

Looks like we found some random text, “Wubbalubbadubdub”. We will make a note of the text and save it somewhere for future use.

Page Source

Let's inspect the page source and see if we find anything important.

Whoa! Have a look, we just found a username, “R1ckRul3s”. Also, I have a feeling that the text we found earlier could be a password.
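Both findings so far are content the server handed to any visitor. The following check is an added example (not part of the room or the original write-up) that a site owner could run before deployment to flag robots.txt lines that are not directives and HTML comments that mention account material. The sample inputs are constructed around the two strings found above, and the keyword list is an assumption.

```python
import re
from html.parser import HTMLParser

# Field names used in robots.txt (RFC 9309 plus common crawler extensions).
ROBOTS_FIELDS = {"user-agent", "allow", "disallow", "sitemap", "crawl-delay"}
# Keywords suggesting a comment carries account material (assumed list).
SENSITIVE = re.compile(r"\b(user(name)?|pass(word|wd)?|login|secret|token|key)\b", re.I)
# Constructed samples modelled on the two findings in this write-up.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /private/\nWubbalubbadubdub\n# crawler notes\n"
SAMPLE_HTML = "<html><body><!-- layout wrapper -->\n<!-- Username: R1ckRul3s -->\n</body></html>"


def audit_robots(text):
    """Return (line_no, line) for each line that is neither a comment nor a directive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        field, sep, _ = line.partition(":")
        if line and (not sep or field.strip().lower() not in ROBOTS_FIELDS):
            findings.append((no, raw.strip()))
    return findings


class _CommentCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def audit_html_comments(html):
    """Return the HTML comments whose text matches a sensitive keyword."""
    parser = _CommentCollector()
    parser.feed(html)
    parser.close()
    return [c for c in parser.comments if SENSITIVE.search(c)]


if __name__ == "__main__":
    for no, line in audit_robots(SAMPLE_ROBOTS):
        print(f"robots.txt:{no}: not a directive: {line!r}")
    for comment in audit_html_comments(SAMPLE_HTML):
        print(f"HTML comment mentions account material: {comment!r}")
```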

Login Page

So the next thing we need to look for is a login page. Let's see if we can find it.

Now we will enumerate the target using Nmap.
Let's run the scan.

We found a couple of open ports.

Dirbuster

Let's use Dirbuster to find any hidden directories.

Fill in all the details in Dirbuster, select the Dirbuster wordlist, and increase the number of threads for a faster search.
I will be using the 2.3-medium.txt wordlist from Dirbuster.

Let's start Dirbuster, then sit back and relax until the tool finds the hidden directories.

Looks like Dirbuster found the login page of the website for us.
Let's explore the login page.

We can now go ahead and enter the username and the text we found earlier in the username and password fields, and click Login.

Surprisingly, it turns out that it's the right username and password.

Command Panel

Interestingly, we come across a control panel.
We will try a few commands to see if they get executed.

We found a text file, Sup3rS3cretPickl3Ingred.txt. Let's open it and see what it has.

Commands Disabled

I guess the admin has disabled or blacklisted a few commands.

So we have to modify our commands, as the admin has disabled a few of them.
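Why a blacklist on a command panel does not hold, and what the panel's owner would do instead, as an added example that is not the room's code: the denylist contents, action names and argv values below are assumptions, and "othertool" is a made-up name standing for any program the list's author did not think of.

```python
import shlex
import subprocess

# Hypothetical denylist; the room's real list is not shown in the write-up.
DENYLIST = {"cat", "head", "tail", "more"}

# Allowlist: the request carries an action key, never a command string.
# Action names and argv values are assumptions for this example.
ALLOWED_ACTIONS = {
    "uptime": ["uptime"],
    "disk-usage": ["df", "-h"],
}


def denylist_permits(command):
    """Denylist model: accept anything whose program name is not listed."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes and similar
        return False
    return bool(argv) and argv[0] not in DENYLIST


def resolve_action(action):
    """Allowlist model: return the fixed argv for a known action, else None."""
    argv = ALLOWED_ACTIONS.get(action)
    return list(argv) if argv is not None else None


def run_action(action):
    """Run a permitted action without a shell; refuse everything else."""
    argv = resolve_action(action)
    if argv is None:
        raise PermissionError(f"action not permitted: {action!r}")
    done = subprocess.run(argv, capture_output=True, text=True, timeout=5, check=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed inputs: one listed program, one the denylist never anticipated.
    for cmd in ("cat notes.txt", "othertool notes.txt"):
        print(f"{cmd!r}: denylist permits={denylist_permits(cmd)}, "
              f"allowlist argv={resolve_action(cmd)}")
```

The denylist has to enumerate every program that could ever be misused, while the allowlist only has to enumerate what the panel is meant to do.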

Found the 1st Ingredient

Great, we found the first ingredient.

Let's paste it as the result.

Time to search the 2nd Ingredient

Now we need to look for the 2nd answer.

Let's go ahead and open the other file, clue.txt.
We got a clue to look in the file system.

Let's check the home folder.

Found the Rick folder

Let's open the folder. We found the file for the 2nd ingredient.

Found the 2nd Ingredient

Let's open it, and we found the 2nd ingredient. Now let's enter the answer in the result section.

Now we just have to find the 3rd ingredient. Let's look around to see where else we can look. The only option we have right now is to look into the Ubuntu folder.

But we need privilege escalation to open the folder, so let's get root privileges.

Now we have root status.

Looks like we found a 3rd txt file.
Let's go ahead and open it.

Found the 3rd Ingredient

Congratulations, we found the 3rd ingredient.

Correct

Let's paste all the ingredients into the answer field.

Pickle Rick Capture the Flag CTF completed

Congratulations

Congratulations. We completed the Capture the Flag challenge successfully.

If you have any doubts while solving the challenge, you can watch my Video Here.

Conclusion

Hey reader, congratulations to you as well on completing this capture the flag challenge.
While the Pickle Rick room is an easy challenge, completing it is still a significant feat.
Thank you for reading my Pickle Rick CTF write-up. In case you have not yet tried the challenge and want to try this Try Hack Me CTF, I’ll leave the link down here. Go ahead and try it.
Pickle Rick CTF Room Link: https://tryhackme.com/room/picklerick

Also, you can learn about Computer Networking Here.

Happy Hacking!

 

Your Friendly Hacker

I am the Founder of Your Friendly Hacker, also a Cybersecurity Professional, Security Researcher and a Bug Bounty Hunter.

1 Comment

  • Steven

    I’m not that much of an online reader to be honest but your site's
    really nice, keep it up! I’ll go ahead and bookmark your site to
    come back later. Cheers
