Introduction

We performed an Nmap scanning to enumerate open ports and we discovered an HTTP service which after enough enumeration we were able to extract username from the page source code. Using directory brute force we were able to discover a password in robot.txt file which led us to log in to the web application. Enumerating the web application for vulnerabilities using the authenticated access we discovered a vulnerable command module which enabled us to gain reverse shell and extract the ingredients related to the challenge. Linux privilege escalation was accomplished by exploiting sudo permissions to gain Root shell.

This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.

To Complete the challenge, we performed an Nmap scanning to enumerate open ports and we discovered an HTTP service which after enough enumeration we were able to extract username from the page source code. Using directory brute force we were able to discover a password in robot.txt file which led us to log in to the web application. Enumerating the web application for vulnerabilities using the authenticated access we discovered a vulnerable command module which enabled us to gain reverse shell and extract the ingredients related to the challenge. Linux privilege escalation was accomplished by exploiting sudo permissions to gain Root shell.

Get OSCP Certificate Notes

Challenge Answers

What is the first ingredient that Rick needs?

 

What is the second ingredient in Rick’s potion?

 

What is the last and final ingredient?

 
Video Walkthrough
 

 

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles