This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.
Task 1 Pickle Rick
As usual, we start by scanning the remote server with nmap.
From the scan output, we see that ports 22 and 80 are open. This indicates that a web server is running. Let’s visit it.
We are greeted by a Rick and Morty-themed website. Let’s keep exploring.
When examining the page source code, we see that a username was left in the HTML comment lines. This is a critical clue for the login page we’ll discover later.
In robots.txt, we find another hint. It seems we’re at the end of our manual exploration, so let’s use Gobuster to see which pages are available.
gobuster dir --url http://machine_ip --wordlist /usr/share/wordlists/dirb/common.txt -x php,html,txt
As you can see, we discovered a login page. Now it’s time to use the clues we found.
Let’s try the username found in the page source and the clue found in robots.txt (which I suspect is the password)
Just as I suspected! After logging in, we’re greeted with a page where we can execute commands, and running the ls command shows the contents of the directory, as expected.
Using the PHP reverse shell code from the Pentest Monkey Reverse Shell Cheat Sheet, we establish a reverse connection to our machine.
Before running the reverse shell code, we need to listen on the port specified in the reverse shell code using the netcat tool.
Connection successful.
In the current directory, we find the 1st ingredient and another hint in clue.txt.
In the home directory, under the “rick” folder, we find the 2nd ingredient. We need root privileges for the final ingredient.
find / -perm -4000 -type f 2>/dev/null
We use this command to find files with the SUID bit set. We then elevate our privileges with sudo su.
In the root directory, we find the 3rd ingredient.
Don’t forget to share this post if you found it helpful!