[CTF] PickleRick: Webserver Exploitation and Bypassing Deny lists | Command Injection | MRKSecurity



Pickle Rick is a TryHackMe.com capture-the-flag challenge. It is a web server with web application vulnerabilities that let an attacker compromise the server by finding weak credentials and abusing a command-execution vulnerability to find flags and other hidden secrets. Pickle Rick’s room is a perfect example of why you should never expose a command execution interface to the web. Here I am solving a simple beginner-level challenge from TryHackMe called Pickle Rick, which will teach you the very basics of pentesting a web server. LET’S GET STARTED!!

To complete the challenge, we performed an Nmap scan to enumerate open ports and discovered an HTTP service; after enough enumeration, we were able to extract the username from the page source code. Using directory brute force, we discovered a password in the robots.txt file, which let us log in to the web application.

Enumerating the web application for vulnerabilities using authenticated access, we discovered a vulnerable command module that enabled us to gain a reverse shell and extract the ingredients related to the challenge. Linux privilege escalation was accomplished by exploiting sudo permissions to gain a root shell.
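The "command module" and the deny-list bypass in the title come down to one design mistake: the application passes user text to a shell and tries to block bad words afterwards. The example below is added here to illustrate that point; it is not code from the room or from the video, and the deny-list words, the allowlisted commands and the argument pattern are all constructed assumptions. It places the weak deny-list check beside a hardened handler that never invokes a shell, only runs command names from a fixed allowlist, and rejects any argument that is not plain alphanumeric text, so shell metacharacters are never interpreted at all.

```python
import re
import subprocess
from typing import Tuple

# Constructed deny list in the style of a weak word filter (assumption; the
# page does not list the room's actual filter). The check only knows about
# these words, so anything else, including shell metacharacters, passes.
DENY_WORDS = {"cat", "head", "more", "less", "tail", "nano", "vim"}


def denylist_accepts(user_input: str) -> bool:
    """The vulnerable pattern: accept unless a known-bad word appears.

    This is the kind of filter that is trivially incomplete because it
    reasons about words the developer thought of, not about what the
    shell will do with the string afterwards.
    """
    return not any(word in DENY_WORDS for word in user_input.split())


# Hardened design: a fixed map from a command *name* to a fixed argv list.
# Nothing outside this table can ever be executed. (Constructed allowlist.)
ALLOWED_COMMANDS = {
    "echo": ["echo"],
    "date": ["date"],
}

# Arguments must be plain tokens: no spaces, quotes, $, ;, |, &, >, ` etc.
ARG_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def run_allowlisted(user_input: str) -> Tuple[bool, str]:
    """Run a command only if its name is allowlisted and every argument
    matches ARG_RE. Returns (executed, output_or_reason).

    The command is executed via an argv list with no shell, so even if a
    metacharacter slipped through the regex it would be passed to the
    program as literal text, never interpreted by /bin/sh.
    """
    tokens = user_input.split()
    if not tokens or tokens[0] not in ALLOWED_COMMANDS:
        return False, "command not permitted"
    argv = list(ALLOWED_COMMANDS[tokens[0]])
    for tok in tokens[1:]:
        if not ARG_RE.fullmatch(tok):
            return False, "argument rejected"
        argv.append(tok)
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return True, proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs showing the two designs side by side.
    for sample in ["echo hello", "cat secret.txt", "echo hello; date", "echo $HOME"]:
        print(f"{sample!r:24} denylist_accepts={denylist_accepts(sample)} "
              f"allowlisted={run_allowlisted(sample)}")
```

Note that the deny-list check happily accepts `echo hello; date` and `echo $HOME`, while the allowlisted handler rejects both at the argument check. The lesson for the "open CMD interface" in the write-up is not a longer deny list but removing the shell from the path entirely and enumerating what is allowed.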

If you would like to support me, please like, comment & subscribe. Thanks for watching.
@MRKSecurity

#picklerick #capturetheflag #tryhackme #ctf #mrksecurity #cybersecurity #ethicalhacking #pentesting

SUPPORT: Please LIKE, COMMENT & SUBSCRIBE:
Site: https://mrksecurity.com
PayPal: https://paypal.me/MHamza786
Twitter – https://twitter.com/mrksecurityclub
Instagram – https://www.instagram.com/mrksecurity

DISCLAIMER: Welcome to our Cyber Security and Ethical Hacking YouTube channel. Our videos are for educational and informational purposes only. We do not condone or encourage any illegal activities or malicious behavior. Viewers are responsible for their actions, and we will not be held liable for misuse or unlawful conduct. Thank you for watching.

TAGS: Solving the Pickle Rick CTF, TryHackMe Pickle Rick, Simple Webserver Exploitation, CTF Walkthrough, Pickle Rick – Beginner Friendly Walkthrough, tryhackme pickle rick,pickle rick,tryhackme,linkedin e learning,udemy wordpress,codecademy,udacity,sans institute,linkedin learning, ethical hacking,rick and morty,capture the flag,pickle rick,penetration testing,cyber security,tryhackme, Easy Webserver exploitation, Pickle Rick CTF Writeup, The Absolute Beginner Pentesting, ctf,pentesting, pickle rick ctf tryhackme, pickle rick ctf walkthrough, tryhackme, ethical hacking, cyber security, cyber security,ethical hacking,ethical hacking hindi,free ethical hacking course,ctf,tryhackme,tryhackme tutorial,beginner ctf,tryhackme walkthrough,walkthrough,ctf walkthrough,tryhackme common linux privesc,tryhackme vulnversity walkthrough,tryhackme metasploit walkthrough,gaming server tryhackme walkthrough,hacking ctf walkthrough,tryhackme blog room walkthrough,hacking walkthroughs,tryhackme gaming server wallkthrough,vulnhub walkthrough.