【THM】Pickle Rick-Practice

TryHackMe room covered in this write-up: https://tryhackme.com/room/picklerick

Difficulty: Easy

This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.

Port scan

nmap -p- -sC -sV -T4 10.10.167.91 

Two ports are open: 22 and 80.

Visiting port 80

gobuster dir -u http://10.10.167.91 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,sh,txt,cgi,html,css,js,py

First, browse to port 80 and view the page source, which reveals a username.

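index.html is the home page, the same default page seen when first visiting the site;
login.php is the login page (worth keeping an eye on);
the assets directory holds some site resource files (nothing special on inspection);
portal.php redirects automatically to the earlier login.php page, so it probably requires logging in first;
robots.txt contains the string Wubbalubbadubdub, which may be the login password.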

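Using the command panel, run commands to look for files and find the first flag (it cannot be read with the cat command, but it can be accessed through its URL path).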

mr. meeseek hair

Or use less

Look at the other files

There is a rick entry.

Now look for the third ingredient

sudo -l
# Lists the commands the current user may and may not run via sudo; it shows that we can act as root through sudo without a password

fleeb juice
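
A defender-side check for the passwordless sudo finding above, as an added example that is not part of the original write-up: it reads sudoers-format text and reports every rule that allows the command ALL while NOPASSWD is in effect. The sample policy and its account names are constructed, and the parser assumes simple one-user, one-host rules.

```shell
#!/bin/sh
# Added example. The policy below is constructed; account names are assumptions.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not taken from the lab host
Defaults env_reset
root     ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
ops      ALL=(ALL) NOPASSWD: /usr/bin/systemctl, PASSWD: ALL
deploy   ALL=(ALL) \
         NOPASSWD: ALL
EOF
}

# Read sudoers-format text on stdin; print the principal of every rule
# that allows the command ALL while the NOPASSWD tag is in effect.
find_nopasswd_all() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continued lines
    { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }               # blank lines, comments
    line ~ /^(Defaults|[A-Z][a-z]+_Alias)/ { next }  # settings, alias definitions
    {
        eq = index(line, "=")
        if (eq == 0) next
        split(line, head, /[ \t]+/)                  # head[1] is the user or %group
        spec = substr(line, eq + 1)
        gsub(/\([^)]*\)/, "", spec)                  # drop Runas specs such as (ALL:ALL)
        n = split(spec, item, ",")
        nopw = 0                                     # a tag carries over to later commands
        for (i = 1; i <= n; i++) {
            c = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            while (match(c, /^[A-Z_]+:[ \t]*/)) {    # leading tags: NOPASSWD:, PASSWD:, ...
                if (c ~ /^NOPASSWD:/) nopw = 1
                if (c ~ /^PASSWD:/) nopw = 0
                c = substr(c, RLENGTH + 1)
            }
            if (nopw && c == "ALL") { print head[1]; break }
        }
    }'
}

sample_sudoers | find_nopasswd_all
```

On a real host, feed the function the contents of /etc/sudoers and the files under /etc/sudoers.d instead of the sample.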