Introduction:
This Pickle Rick TryHackMe walkthrough will guide you through a fun, Rick and Morty-themed challenge that requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle. Available for free on TryHackMe, this room is beginner-friendly: just join, start the machine, and follow this walkthrough to capture all three flags.
Port Scanning
Since it's a CTF, port scanning is always the first step. Use your favourite scanner, such as Nmap, Masscan, or RustScan.
nmap -A 10.10.X.X

Enumeration
Enumeration is the key! According to the Nmap scan, two ports are open: 22, running SSH, and 80, running an HTTP service. The web application on port 80 is the next thing to enumerate.
Viewing the page source reveals a username: R1ckRul3s

Looking for hidden endpoints! Perform directory fuzzing to discover hidden endpoint URLs with your favourite tool, such as Dirb, Dirsearch, or ffuf.
dirsearch -u http://10.10.X.X

Checking the /assets path turns up nothing, but robots.txt contains the string Wubbalubbadubdub, which looks like the password for the username found earlier.

Where should we try the password? Remember the login.php page found during the directory fuzzing.

Exploitation
Log in using the credentials. Uhmmmm!! Looks like there is a command injection vulnerability: the page runs whatever command is submitted. Trying ls -la works!

Next, try to view the interesting text files, such as Sup3rS3crectPickle3Ingred.txt and clue.txt, but unfortunately the cat command doesn't work; it is filtered by the application.

After a while, trying the strings command works! The purpose of strings is to extract human-readable character sequences from binary files, which is useful for examining executables, libraries, and other non-text files, and since a plain text file is entirely human-readable, strings simply prints its contents.
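The reason strings works where cat is blocked is that the page filters the command string against a denylist of words, and any program not on that list passes straight through. The following added example (my own code, not part of the original post or the room) contrasts that weak check with an allowlist that only accepts a known program, known flags, and file paths confined to a hypothetical web root, and then runs the command as an argument list without a shell. The sample inputs and the /var/www/html base directory are constructed for illustration.

```python
import os
import shlex
import subprocess

# Denylist-style check, as a filtered command box typically does it:
# reject only if a forbidden program name appears in the input.
DENYLIST = ("cat", "head", "tail", "more", "less")


def denylist_allows(command: str) -> bool:
    """Return True if no denylisted word appears; this is the weak check."""
    return not any(word in command.split() for word in DENYLIST)


# Allowlist-style check: a fixed set of programs and flags, and every
# non-flag argument must resolve inside the base directory.
ALLOWED_PROGRAMS = {"ls", "strings"}          # hypothetical allowlist
ALLOWED_FLAGS = {"-l", "-a", "-la"}            # hypothetical allowed flags


def allowlist_parse(command: str, base_dir: str = "/var/www/html"):
    """Return argv if the command passes the allowlist, otherwise None.

    shlex.split tokenises the input the way a shell would, but the program
    name is checked as a whole token, so 'ls; id' is rejected because
    'ls;' is not an allowed program.
    """
    try:
        argv = shlex.split(command)
    except ValueError:          # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return None
    base = os.path.realpath(base_dir)
    for arg in argv[1:]:
        if arg.startswith("-"):
            if arg not in ALLOWED_FLAGS:
                return None
            continue
        # Resolve relative to the base directory and refuse anything that
        # escapes it, including absolute paths and '..' traversal.
        resolved = os.path.realpath(os.path.join(base, arg))
        if os.path.commonpath([base, resolved]) != base:
            return None
    return argv


def run_allowlisted(command: str, base_dir: str = "/var/www/html"):
    """Run an allowlisted command with shell=False so no shell parses the input."""
    argv = allowlist_parse(command, base_dir)
    if argv is None:
        return None
    result = subprocess.run(argv, cwd=base_dir, capture_output=True,
                            text=True, timeout=5)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the room.
    for sample in ["ls -la",
                   "cat Sup3rS3crectPickle3Ingred.txt",
                   "strings Sup3rS3crectPickle3Ingred.txt",
                   "ls; id",
                   "strings ../../etc/passwd"]:
        print(f"{sample!r}: denylist={denylist_allows(sample)} "
              f"allowlist={allowlist_parse(sample)}")
```

The denylist lets "strings" and "ls; id" through because neither contains a forbidden word, which is exactly the behaviour the walkthrough relies on. The allowlist rejects both the unknown program token and the path outside the web root, and passing argv to subprocess without a shell means metacharacters in an argument are just characters.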
Flag I
Use the strings command on the Sup3rS3crectPickle3Ingred.txt file to get the first flag.
strings Sup3rS3crectPickle3Ingred.txt

Flag II
Next step? Rather than checking random things, read clue.txt, which gives a hint about where the second flag is.
strings clue.txt

The clue clearly points to other locations on the file system, so the next step is to list the user home directories.
ls -la /home

Check the rick user's home directory, which contains the second flag.
ls -la /home/rick

Use the strings command to view it (the filename contains a space, so it is quoted).
strings /home/rick/"second ingredients"

Flag III
To get the last flag, try to view the contents of the /root directory, but it doesn't work as the current user. Then check for sudo rights with the sudo -l command, and it works!
sudo -l

Use sudo to view the contents of the /root directory.
sudo ls -la /root/
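The web server's account being able to run anything through sudo is what turns a command injection into full root access. As an added example (my own code, not from the original post, and the room's actual sudoers file is not shown there), the following audit flags sudoers entries that grant a service account unrestricted commands, the kind of finding a defender would want from a configuration review. The sudoers lines are constructed for illustration.

```python
import re

# Constructed sudoers content; not the room's real configuration.
SAMPLE_SUDOERS = """\
# User privilege specification
root     ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
%admin   ALL=(ALL) ALL
"""

# user  hosts=(runas) [TAG:] commands   (simplified sudoers grammar)
LINE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+)=\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)


def audit_sudoers(text: str, service_accounts=("www-data",)):
    """Return (user, reason) findings for over-broad sudo grants.

    Two conditions are flagged: a service account allowed to run ALL
    commands at all, and any non-root principal allowed ALL without a
    password. Comments, blank lines and lines that do not parse are skipped.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        who, tags, cmds = m["who"], m["tags"], m["cmds"].strip()
        nopasswd = "NOPASSWD" in tags
        if cmds == "ALL" and who in service_accounts:
            reason = "service account may run ALL commands"
            if nopasswd:
                reason += " without a password"
            findings.append((who, reason))
        elif cmds == "ALL" and nopasswd and who != "root":
            findings.append((who, "passwordless ALL"))
    return findings


if __name__ == "__main__":
    for user, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{user}: {reason}")
```

On the sample above only the www-data line is reported; the backup entry is scoped to a single binary and the %admin group still needs a password. Restricting a web service account to the specific commands it needs, or removing it from sudoers entirely, is what would have stopped the escalation in this room.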

Read the last flag with the same strings command, this time through sudo.
sudo strings /root/3rd.txt

That’s all for this Pickle Rick walkthrough. If you found it helpful, please consider sharing it with your friends or teammates. We’d love to hear your feedback or suggestions in the comments section. You can also explore opportunities to collaborate with us—check out our collaboration page. Thank you!