This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.
Q1: What is the first ingredient that Rick needs?
I started with a Nmap scan to see which ports are open on the web server.
Since Port 80 HTTP was open, I checked out what content was on the main home page.
Next, I viewed the page source and found a username “R1ckRul3s”.
I decided to run gobuster to see if I could find other web directory pages.
The “robots.txt” looked interesting as it could contain hidden resources or confidential data. I checked it out and found “Wubbalubbadubdub” which I assumed was a password.
Next, I checked out the “login.php” page and successfully logged in with the username and password I found.
Once logged in, I found a command panel.
I ran “ls” and found a number of files and directories.
I checked out “Sup3rS3cretPickl3Ingred.txt” file and found the answer to the first ingredient mr. meeseek hair.
Q2: What is the second ingredient in Rick’s potion?
I discovered I could not use the “cat” command.
I tried seeing if there was a “home” directory and found a user “rick”.
I went into the user directory and found “second ingredients” directory.
I went into the directory and found the second ingredient 1 jerry tear.
Q3: What is the last and final ingredient?
To find the third and final ingredient, I checked if I could do privilege escalation to root.
It looked like there was no root password. I was able to get into the root directory.
I checked the “3rd.txt” file and found the third ingredient fleeb juice.
Tools used in the Pickle Rick CTF:
- Nmap (Port Scanning)
- Gobuster (Directory Bruteforcing)
