As this challenge is to exploit the web application and gain shell so i didn’t use nmap to scan ports I directly jumped on the web. On the web I got a page where ‘Rick’ left a message for ‘Morty’ to help him.
After reading the message I checked the source code of the page and got something interesting.
With some manual enumeration I found a robots.txt file on the web server
It seems like this is a password for the username that i got in that page source.
With the help of gobuster I found a login page, So I can try that username and password on that page. Lets have a look.
I supplied those credentials to that login page
R1ckRul3s : Wubbalubbadubdub
And I was successfully login.
Then I found a command panel in side asking for command to fire.
So I fired a bash reverse shell on that command panel and started a netcat listner at port 9999.
And Yehhhh !!! I got the reverse shell.
Now to pass this challenge we need to find 3 ingredients and submit them as answer, So time to enumerate the box.
The first ingredient file found at the same location names as ‘sup3ps3cretPickl3Ingred.txt’
Then the second ingredients file was placed in /home/rick directory as ‘second ingredients’.
So till now I already have two ingredients and for the final one I need to get root.
Privilege Escalation Time !!
With the help of sudo -l command I found my way to root. DAMM EASY !!
And finally I found the 3rd ingredient file in /root/ directory. Challenge completed. !!! ;)