Skip to Content
SynopsisWalkthrough (without spoilers)ToolsScreenshotsLessons & Skills Gained

Synopsis

This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle. 


Platform

TryHackMe 


Level

Easy

Walkthrough (without spoilers)

It appears that Rick has transformed into a pickle and requires Morty’s assistance in gathering the final three ingredients needed to revert to his human form. To accomplish this, Rick needs Morty to access his computer. However, there is a challenge—Rick has forgotten his password.




My Approach

  • Since we were given a Target IP, I used nmap to scan for open ports.
  • I found that port 22 and 80 were open. 
  • Since I do not know the username or password I ignored port 22 as I cannot SSH to his machine.
  • I then assumed it's a webpage, so I pasted the IP address within the browser
  • Read the contents on the webpage. From there I started poking around to see if I can find any clues for a username or a password.
  • Inspected the page and found the username, commented out within the HTML.
  • I then started to see if there are other pages (specifically /login)
  • From my current job, I remember that there was a page that shows which pages web crawlers can access (/robots.txt). Found no webpages but I did find a bunch of gibberish. I thought that this could be the password, so I noted it.
  • I gave up on looking for other potential passwords and started looking for the login page to at least attempt to see if what I found was the password (no luck).
  • I attempted to SSH but it failed
  • Learned about a new tool, Nikto. Used Nikto to see if there are any vulnerabilities within the webpage. 
  • Found the login page. Used the credentials that I found and it worked. I'm in!
  • Seems to be a command panel type layout.
  • Used Bash to traverse through the terminal. Took me awhile to find the last three ingredients but I completed the task.



Takeaway

As a beginner, this was not easy lol. Learned how to use a new tool called Nikto and was able to put my Bash knowledge to the test.



Tools

  • nmap
  • nikto
  • Bash

Screenshots

















Lessons & Skills Gained


Participating in this CTF challenge provided me with valuable insight into the mindset of hackers and their approach to exploiting vulnerabilities. Throughout the challenge, I had the opportunity to work extensively with Nmap, a powerful network scanning tool, and explore a new tool I had never used before—Nikto, a web server vulnerability scanner. Learning to effectively utilize these tools has enhanced my understanding of Threat Hunting and Incident Investigations, both of which are crucial aspects of cybersecurity.


Additionally, this experience reinforced the importance of proactively monitoring my network environment to detect and mitigate potential threats before they escalate. I also gained hands-on practice with Bash commands, improving my ability to navigate the terminal efficiently. Overcoming restrictions on certain commands challenged me to think critically and find alternative methods to execute tasks, further expanding my knowledge of command-line utilities and their various options.


Overall, this CTF not only strengthened my technical skills but also deepened my strategic approach to security, making it a valuable learning experience.