Rick and Morty CTF Writeup

Information

Rick and Morty CTF (TryHackme)

Target IP: 10.10.62.216


Reconnaissance

Scan the target with Nmap to identify which ports are open and which services are running on them.

This shows us that port 22 (SSH) and port 80 (HTTP) are open.

Now that we know a website is hosted on the target, we scan it with dirb to enumerate the directories and files on the web server.

Dirb found the files index.html, robots.txt, and server-status, as well as a directory named assets.

Navigating to the website displays the index page.

Inspecting the page with the developer tools reveals a username.


Viewing the robots.txt

This looks like it could be a password.


Using Nikto to scan the web application

Navigating to the login.php page that Nikto found and entering the username we found and the password from robots.txt

Trying to cat Sup3rS3cretPickl3Ingred.txt


Flags

Since the cat command seems to be disabled, we need an alternative; less can be used for this.

We now have the first flag. To see which user account the commands run as, run

whoami

To list the users under /home, run

ls /home

We have two users, rick and ubuntu. Listing the rick user's directory

Using less to read the second ingredients

We now have the second ingredient.

To view which commands the user is allowed to run with sudo, run

sudo -l

From this output we can see that sudo commands do not require a password. We can therefore list the root directory directly with

sudo ls /root

Use less to read the third flag to complete the CTF with all three flags.
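
The passwordless sudo rule found with sudo -l is what lets a web-level foothold reach /root here. The following is an added example, not part of the original writeup: a small Python audit that parses sudoers-style rules and reports every command runnable without a password. The sample rules and account names (www-data, backup, deploy) are constructed for illustration.

```python
import re

# Constructed sample sudoers content (not taken from the target machine).
SAMPLE_SUDOERS = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%admin   ALL=(ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync, \\
         /bin/tar
deploy   ALL=(ALL) NOPASSWD: /bin/systemctl restart app, PASSWD: ALL
"""

NON_RULES = ("#", "@include", "Defaults", "User_Alias", "Runas_Alias",
             "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(?P<who>\S+)\s+[^=]+=\s*(?P<cmds>.+)$")
TAG = re.compile(r"([A-Z_]+):\s*")


def audit(text):
    """Return (who, command, severity) for every command runnable without a password."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)               # join continuation lines
    for line in map(str.strip, text.splitlines()):
        rule = RULE.match(line)
        if not rule or line.startswith(NON_RULES):
            continue
        cmds = re.sub(r"\([^)]*\)", "", rule["cmds"])  # drop Runas specs
        nopasswd = False                               # tags persist across the list
        for cmd in map(str.strip, cmds.split(",")):
            while (tag := TAG.match(cmd)):
                if tag[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag[1] == "NOPASSWD"
                cmd = cmd[tag.end():].strip()
            if nopasswd:
                findings.append((rule["who"], cmd, "critical" if cmd == "ALL" else "review"))
    return findings


def critical_accounts(text):
    """Accounts that can run any command as another user with no password prompt."""
    return sorted({who for who, _, sev in audit(text) if sev == "critical"})


if __name__ == "__main__":
    for who, cmd, sev in audit(SAMPLE_SUDOERS):
        print(f"{sev:8} {who:10} NOPASSWD {cmd}")
```

On a real host, feed it the contents of /etc/sudoers and the files under /etc/sudoers.d; alias expansion and #uid user entries are not handled.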