Pickle Rick | TryHackMe

Nihir Zala
Jan 22, 2023

This walkthrough is about a CTF challenge in which we have to find the flag by exploiting the target. So let's dive into the TryHackMe challenge. After I started the machine, I saw a webpage. It looks

Then I dug further into the website and got a username from the page source.

Then I searched for the password and the login page; for that I used the dirsearch command to brute-force the directories.

After brute-forcing, I found useful information such as robots.txt and login.php.

I dug into robots.txt and got the password, which is Wubbalubbadubdub.
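The two leaks described above, a username left in the page source and a password sitting in robots.txt, are the kind of thing a pre-deployment content check can catch. The following is an added example, not part of the original walkthrough; the function names, keyword list and sample strings are assumptions constructed for illustration.

```python
import re

# Valid robots.txt directive names; any other non-comment line is flagged.
ROBOTS_DIRECTIVES = {"user-agent", "disallow", "allow", "sitemap", "crawl-delay"}
SECRET_WORDS = re.compile(
    r"\b(user(name)?|pass(word|wd)?|login|cred(ential)?s?|secret|token|key)\b", re.I)
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)


def audit_robots(text):
    """Return (line number, text) for robots.txt lines that look like leaks."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):  # comments are fine unless they mention secrets
            if SECRET_WORDS.search(line):
                findings.append((number, line))
            continue
        name, sep, _ = line.partition(":")
        if not sep or name.strip().lower() not in ROBOTS_DIRECTIVES:
            findings.append((number, line))
    return findings


def audit_html_comments(html):
    """Return whitespace-normalised HTML comments that mention credentials."""
    comments = (" ".join(m.group(1).split()) for m in HTML_COMMENT.finditer(html))
    return [c for c in comments if SECRET_WORDS.search(c)]


# Constructed sample content, not copied from the challenge machine.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\nExamplePassphrase123\n"
SAMPLE_HTML = """<html><body>
<!-- layout: two columns -->
<!--
  Note to self, remember username!
  Username: ExampleUser
-->
</body></html>"""

if __name__ == "__main__":
    for number, line in audit_robots(SAMPLE_ROBOTS):
        print(f"robots.txt line {number}: unexpected content {line!r}")
    for comment in audit_html_comments(SAMPLE_HTML):
        print(f"HTML comment mentions credentials: {comment!r}")
```

Running a check like this against the web root before publishing flags both items for removal; the keyword list is a starting point and should be tuned to the site.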

I used those credentials to log in at login.php.

After logging in, I found the shell successfully and ran some commands to see whether any useful information was hidden.

After I entered the ls command, it showed some useful information.

I used cat Sup3rS3cretPick13Ingred.txt in the shell, but it is whitelisted.

So I tried a reverse connection from the system to see whether it would connect; for that I used the list of commands from the pentestmonkey website. First I used the Perl command, which did not work; then I moved on to the Python command, which worked!!! Fine for me.

I changed python to python3; only then did it work!!!

After gaining the shell, I got the first flag using "cat Sup3rS3cretPick13Ingred.txt"

It was Mr. Meeseek Hair

Then, digging further, I got the second flag by privilege escalation

Using the command python3 -c 'import pty;pty.spawn("/bin/bash")'

With an easy trick, I logged in as the root user by using "sudo bash"

Then I got the second flag

Finally, I got 3rd flag by
