1
00:00:00,450 --> 00:00:06,540
In this video we are going to solve the Pickle Rick challenge from TryHackMe, which is focused on exploiting

2
00:00:06,540 --> 00:00:09,090
command injection vulnerabilities on websites.

3
00:00:10,620 --> 00:00:11,220
So on

4
00:00:11,220 --> 00:00:13,590
TryHackMe, in the Pickle Rick room,

5
00:00:13,590 --> 00:00:14,790
start your machine.

6
00:00:18,510 --> 00:00:21,530
Now, I am already connected to the TryHackMe VPN.

7
00:00:22,860 --> 00:00:29,430
First of all, let's just add the website address to our hosts file with the command sudo nano hosts.

8
00:00:31,290 --> 00:00:34,320
Then add the IP address and the website address to it.

9
00:00:45,900 --> 00:00:46,320
Now,

10
00:00:46,320 --> 00:00:47,520
browse to the website.

11
00:00:51,060 --> 00:00:54,480
Here we have a single static page called Help Morty.

12
00:00:55,640 --> 00:00:58,790
You can view the page source by pressing Ctrl+U.

13
00:00:59,890 --> 00:01:03,010
And if you look closely, you will find a username here.

14
00:01:06,850 --> 00:01:12,850
Now, whenever you are doing website testing, the second thing to look at is the robots.txt file.

15
00:01:14,820 --> 00:01:16,650
Then visit the robots.txt file.

16
00:01:16,650 --> 00:01:20,790
And we also have a term here; I think it's a password.

17
00:01:22,110 --> 00:01:25,200
Now let's do some directory busting on the website.

18
00:01:26,690 --> 00:01:30,110
I'm using ffuf; give the IP address.

19
00:01:35,420 --> 00:01:37,520
And I'm using the wordlist from dirb.

20
00:01:41,960 --> 00:01:44,540
It has found one directory called assets.

21
00:01:51,590 --> 00:01:51,800
Here

22
00:01:51,800 --> 00:01:53,420
we have some files listed.

23
00:01:57,210 --> 00:02:00,240
Now let's just look for some specific extensions.

24
00:02:02,410 --> 00:02:06,770
Do the same command with the -e flag and specify the extensions.

25
00:02:06,790 --> 00:02:10,690
Here I am looking for php, html or txt files.

26
00:02:14,300 --> 00:02:17,690
So there is a login.php page also on the website.

27
00:02:18,320 --> 00:02:19,970
Let's just try to visit that.

28
00:02:27,790 --> 00:02:31,630
And use the same username and password that you found earlier to log in.

29
00:02:34,070 --> 00:02:36,050
And we have a command panel here.

30
00:02:37,650 --> 00:02:40,200
So we can execute any command here.

31
00:02:43,240 --> 00:02:45,700
We can use ls to list the files.

32
00:02:49,190 --> 00:02:53,270
And here we have the super secret pickle ingredient text file.

33
00:02:54,820 --> 00:02:56,230
This looks interesting.

34
00:02:57,100 --> 00:03:00,040
Let's just try to cat out the contents of this file.

35
00:03:03,760 --> 00:03:05,680
However, this command is disabled.

36
00:03:07,680 --> 00:03:12,120
Let's just try some other commands like head, which is also disabled.

37
00:03:13,440 --> 00:03:15,480
nano is also not working.

38
00:03:17,540 --> 00:03:19,370
So let's just try grep.

39
00:03:20,030 --> 00:03:24,650
You can use grep . and the file name to list the contents.

40
00:03:26,840 --> 00:03:29,030
And we do have the contents of the file.

41
00:03:31,460 --> 00:03:32,120
In the folder

42
00:03:32,120 --> 00:03:35,390
there were also some other files which look interesting.

43
00:03:36,540 --> 00:03:43,170
Just check the contents of the text file with the grep . clue.txt command.

44
00:03:45,350 --> 00:03:49,130
So the hint says look into the file system for other ingredients.

45
00:03:52,170 --> 00:03:57,150
You can use grep to recursively list the contents of all files in the current folder.

46
00:03:57,600 --> 00:04:00,810
Just use the command grep -R

47
00:04:01,870 --> 00:04:06,100
. and it will list the contents of all files.

48
00:04:11,540 --> 00:04:18,019
So in this manner you can quickly check if there is some important or interesting thing listed in any

49
00:04:18,019 --> 00:04:18,649
file.

50
00:04:24,520 --> 00:04:29,680
So let's just answer the first question on TryHackMe, which was the first ingredient name.

51
00:04:30,790 --> 00:04:31,870
And paste the answer there.

52
00:04:32,650 --> 00:04:36,790
Now let's see if Python is installed on the web server.

53
00:04:36,820 --> 00:04:39,370
Use the command python --version.

54
00:04:39,370 --> 00:04:42,880
So we do have Python 3.5.2 on the server.

55
00:04:43,150 --> 00:04:47,350
We can use a Python reverse shell to execute commands on the system.

56
00:04:47,830 --> 00:04:52,150
First of all, open a new terminal on your Kali machine and open a netcat listener.

57
00:04:53,540 --> 00:04:55,130
Note down your IP address.

58
00:04:56,300 --> 00:05:00,680
Now go to revshells and create a Python 3 reverse shell.

59
00:05:03,460 --> 00:05:04,390
Then copy it.

60
00:05:06,890 --> 00:05:08,690
And paste it in the command panel.

61
00:05:10,630 --> 00:05:10,810
Now,

62
00:05:10,810 --> 00:05:11,980
execute the command.

63
00:05:13,680 --> 00:05:16,460
We do get the reverse shell on our Kali Linux.

64
00:05:17,690 --> 00:05:21,440
So in this manner we can easily navigate in the file system.

65
00:05:21,650 --> 00:05:24,590
Currently we are in the www directory.

66
00:05:24,890 --> 00:05:26,190
We can move to home.

67
00:05:26,210 --> 00:05:27,650
Here is a directory.

68
00:05:27,830 --> 00:05:29,490
Just list its contents.

69
00:05:29,540 --> 00:05:32,240
So we have the second ingredients file here.

70
00:05:33,080 --> 00:05:35,030
Just cat out its contents.

71
00:05:36,040 --> 00:05:37,690
And we have the second ingredient.

72
00:05:40,150 --> 00:05:40,930
Just paste it in

73
00:05:40,930 --> 00:05:41,830
TryHackMe.

74
00:05:45,100 --> 00:05:46,780
Now let's just move to root.

75
00:05:48,880 --> 00:05:50,860
Here we have the third text file.

76
00:05:52,060 --> 00:05:54,280
Just list its contents as well.

77
00:05:54,970 --> 00:05:57,670
And here we have the third ingredient as well.

78
00:05:59,270 --> 00:06:00,770
So copy the ingredient.

79
00:06:01,850 --> 00:06:03,020
And paste it on

80
00:06:03,020 --> 00:06:03,680
TryHackMe.

81
00:06:06,660 --> 00:06:12,390
So we have successfully solved the Pickle Rick challenge on TryHackMe, which is a very good room in

82
00:06:12,390 --> 00:06:14,580
terms of learning command injection.

83
00:06:16,150 --> 00:06:19,540
I hope you like this video and see you in the next video.