As always, the first thing we need to do is run a scan for open ports.
As we can see, there are three open ports on the machine: 22, 80, and 2301. However, let’s focus on port 80, as that is more likely to give us something to work with.
Here’s the webpage:
It’s a plain static webpage, so there isn’t much information there. Let’s check whether we can find something interesting in the page source.
A username! That’s not very smart, Rick!
Another common hidden file on websites like this is the robots.txt file.
So now we have a username, R1ckRul3s, and a random string from robots.txt,
The question is where can we use these? Time to run
There are lots of accessible files and directories, but login.php looks the most interesting.
We already know the username. Maybe that weird string in robots.txt is the password?
It worked! Now we’re successfully logged in. However, it seems like some commands are not allowed such as
Let’s attempt to run a reverse shell on the command panel.
You can choose from this list of reverse shells. Once it’s working, you should have access to the machine.
It’s good to always check our current username and we can do that using the
We could also check what commands we can run as this user using
So that means we can run any command without restrictions!
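Seen from the defender's side, the finding above is a sudoers rule that is far too broad for a web service account. The following is an added example, not part of the original write-up: a small audit that flags sudoers entries granting every command without a password. It assumes the rule behind the finding is a password-less ALL grant (the write-up does not show the sudoers line), and the sample sudoers content and account names are constructed.

```python
import re

# Constructed sample sudoers content; not taken from the room's machine.
SAMPLE_SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync, \\
    /bin/tar
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app, ALL
"""

RULE = re.compile(r"^(?P<who>\S+)\s+[^=]+=\s*(?P<rest>.+)$")
NON_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments and #include lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def unrestricted_nopasswd(text):
    """Return the users/groups allowed to run ALL commands without a password."""
    findings = []
    for line in logical_lines(text):
        m = RULE.match(line)
        if line.startswith(NON_RULES) or not m:
            continue
        # Simplification: only a leading (runas) spec is stripped.
        rest = re.sub(r"^\([^)]*\)\s*", "", m.group("rest"))
        nopasswd = False
        for cmd in (c.strip() for c in rest.split(",")):
            # A tag such as NOPASSWD: stays in effect for the commands after it.
            while (tag := re.match(r"([A-Z_]+):\s*", cmd)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            if cmd == "ALL" and nopasswd:
                findings.append(m.group("who"))
                break
    return findings

if __name__ == "__main__":
    for who in unrestricted_nopasswd(SAMPLE_SUDOERS):
        print(f"unrestricted password-less sudo: {who}")
```

Included files and alias expansion are not followed, so run it over each file under the sudoers include directory separately.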
Getting the ingredients
In the initial directory after getting a shell, we’ll see an interesting file. Opening it will get us the first ingredient.
So where are the other ingredients? Let’s see the contents of clue.txt.
Look around the file system for the other ingredient
We could manually look around the entire file system for the other ingredients or we could just utilize the
cat to see the second ingredient!
Going to the / directory, we can see a “root” directory. However, navigating to or accessing it is not allowed.
We need to use sudo to see the contents of the directory and, hopefully, the flag.
That’s it! Congratulations on completing this room!