This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.
I started with a nmap scan which showed that port 80 and 22 were open.
The webpage didn't look too exciting but there was a comment in the html which will probably be useful
I started gobuster to try to find something more since there were no hints on the main page.
It found a login.php page which I tried to bruteforce with the username I found above.
I tried bruteforcing this for so long but to no avail. I made use of ChatGPT to come up with custom wordlists and finally I found the correct password ('Wubbalubbadubdub'). I remember seeing this during the recon phase at robots.txt but didn't think more of it then...
Logging in with the correct username and passwords gets us here:
I tried just executing 'ls' and found some interesting stuff. I was not allowed to run 'cat' though....
But 'less' works and we got the first correct answer :)
And we can use 'less' again to get the clue.txt file.
After some digging around I found the second ingredient at /home/rick/'second ingredients'.
I checked the other users home folder as well and it had some interesting files.
That was a dead end though. I tried accessing the root directory but wasn't allowed to. So I ran 'sudo -l' to see if I was allowed to run anything with sudo and it turns out I could run EVERYTHING with sudo. So I used that to find the third ingredient.
