THM - Pickle Rick
This is a fun and easy CTF to complete. It is a great CTF for people new to CTFs/offensive security. I hope you have fun.
Nmap
sudo nmap -sC -sS -sV -oN Initial 10.10.3.247
We find 2 ports open, port 22 and port 80.
Let's navigate to the webpage on port 80.
It gives a friendly hint to use Burp. However, you will find a username in source code comments that will say:
Note to self, remember username!
Username: R1ckRul3s
Finding Directories
So for this I decided to run gobuster on the target. However, while I was waiting, I decided to try and manually find some pages we may be able to access.
I guessed the directory /login.php/
Great, we have a login page.
Before I took this any further and tried to use hydra to brute force this login, I thought I had better have a look at robots.txt.
We find some text that says: Wubbalubbadubdub
Using the credentials:
R1ckRul3s: Wubbalubbadubdub
We can log in and we are taken to portal.php/
Getting All Flags
The first thing I do is test what commands I can run from this page.
The first command I try is ls.
First flag
I tried to cat the first file, but to add a minor inconvenience, you cannot use the command cat.
You can however use the command tac.
Run: tac Sup3rS3cretPickl3Ingred.txt
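The cat/tac behaviour above is what a name-based denylist looks like from the outside. The following is an added example (not from the original post or the room's code) that models such a filter next to an allowlist of fixed actions; the denylist contents, the action names and the /var/www/html path are assumptions.

```python
from __future__ import annotations
import shlex

# Assumption: the walkthrough only shows that `cat` is refused; the other
# names illustrate what a name-based denylist usually contains.
DENYLIST = {"cat", "head", "tail", "more", "less"}

def denylist_allows(command: str) -> bool:
    """Model of a name-based denylist: refuse if any token is a listed name."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return False
    return bool(tokens) and not any(t in DENYLIST for t in tokens)

# Hardened design: the client sends an action name, never a command line.
# Each action maps to a fixed argv that the server would run without a shell.
# Action names and the directory path are hypothetical.
ACTIONS = {
    "list-dir": ["ls", "-1", "--", "/var/www/html"],
    "uptime": ["uptime"],
}

def allowlist_argv(action: str) -> list[str] | None:
    """Return the fixed argv for a known action, or None to refuse."""
    argv = ACTIONS.get(action)
    return list(argv) if argv is not None else None

def compare(requests: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each request to (denylist accepts it, allowlist accepts it)."""
    return {r: (denylist_allows(r), allowlist_argv(r) is not None) for r in requests}

# Requests taken from this walkthrough, plus one valid action name.
SAMPLE = [
    "cat Sup3rS3cretPickl3Ingred.txt",
    "tac Sup3rS3cretPickl3Ingred.txt",
    "sudo -l",
    "list-dir",
]

if __name__ == "__main__":
    for req, (deny_ok, allow_ok) in compare(SAMPLE).items():
        print(f"{req!r:42} denylist={deny_ok!s:5} allowlist={allow_ok}")
```

The denylist accepts everything it did not anticipate, while the allowlist refuses every free-form command line and only runs the fixed argv of a known action.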
Second flag
At this point I decided to try sudo -l
Okay so, this showed the CTF was going to be quite easy, as we can run pretty much anything with sudo and no password needed.
The second flag is located in /home/rick/. Run: ls /home/rick/
Run: tac /home/rick/"second ingredients"
This gives you the second flag.
Third flag
The third flag is located in the root directory. So we will need to use sudo to get the flag.
Run: sudo ls -a /root/
Run: sudo tac /root/3rd.txt