Perform an nmap scan using the default SYN scan (-sS) option together with -A (OS and service version detection), as shown on line 1 below.


Access the web server on port 80 and choose to review the source code on the page presented. You will notice an HTML comment on line five as shown below. Note this for future use.


Next, run “gobuster” as shown below to enumerate sub-directories using the “dirb/common.txt” wordlist.


The robots.txt file reveals a single entry as seen below.


Run gobuster again with the “-x” option as shown below, so that each wordlist entry is also requested with a .php extension.

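The two gobuster runs above (plain wordlist, then the same wordlist with the .php extension) leave a very recognisable trace in the web server's access log: one client, a burst of 404s within seconds, a robots.txt fetch, and often a tool User-Agent. The following is an added example from the defender's side, not part of the original walkthrough or of TryHackMe: a small Python detector that parses combined-format access log lines and flags clients showing that pattern. The log lines in SAMPLE_LOG are constructed for the example, and the thresholds (window_s, min_404) are assumed starting points to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
                    r' [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
SCANNER_UA = ("gobuster", "dirb", "dirbuster")  # tool names that announce themselves

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def detect_enumeration(log_text, window_s=60, min_404=5):
    """Return {ip: findings} for clients whose traffic looks like wordlist enumeration."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        misses = sorted((r for r in recs if r["status"] == 404), key=lambda r: r["ts"])
        # Sliding window: the most 404s this client produced within any window_s seconds.
        peak, start = 0, 0
        for end in range(len(misses)):
            while misses[end]["ts"] - misses[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            peak = max(peak, end - start + 1)
        scanner_ua = any(s in r["ua"].lower() for r in recs for s in SCANNER_UA)
        if peak >= min_404 or scanner_ua:
            findings[ip] = {"peak_404s": peak, "scanner_ua": scanner_ua,
                            "php_probes": sum(r["path"].endswith(".php") for r in recs),
                            "robots_fetched": any(r["path"] == "/robots.txt" for r in recs)}
    return findings

# Constructed sample traffic (not from the page): one ordinary browser visit, then a burst
# of wordlist probes from a second client that also tries .php-extension guesses.
SAMPLE_LOG = "\n".join(
    ['10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
     '10.0.0.9 - - [10/Mar/2024:12:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 31 "-" "gobuster/3.6"']
    + ['10.0.0.9 - - [10/Mar/2024:12:00:%02d +0000] "GET /%s HTTP/1.1" 404 196 "-" "gobuster/3.6"'
       % (3 + i, p) for i, p in enumerate(["admin", "backup", "cgi-bin", "admin.php", "config.php", "test.php"])])
```

Calling detect_enumeration(SAMPLE_LOG) flags only 10.0.0.9; a scanner with a spoofed browser User-Agent is still caught by the 404 burst, which is why the rate check matters more than the User-Agent match.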

You can see that a page named “login.php” is enumerated. Use the two strings found earlier, “R1ckRul3s” and “Wubbalubbadubdub”, to log in to the web application.


Begin by listing the files in the current directory with the provided input box.


Commands such as “cat”, “more” and “head”, among others, have been disabled in the Command Panel.

[Screenshot: CyberTutorials.org - TryHackMe - Pickle Rick - Commands Disabled]

A simple “sudo -l” from the Command Panel reveals that the current user can run any command as the super user. We decide to list the contents of the “root” user's home directory.

[Screenshot: CyberTutorials.org - TryHackMe - Pickle Rick Completed]