->picklerick




User part:



-> Run Nmap Scan





-> ports 22 and 80 are open, so let's run a directory brute force using feroxbuster





-> got a login page, so let's browse to it in the browser, but we don't have any credentials for the login, so I started looking deeper





-> going to the website, as a normal website





-> But in the source code, a username is commented, so I got the username. The next step is to find the password





-> for every website, the first file that should be looked at is robots.txt; from that I got some string





-> so I tried this string with the username on the login page and it succeeded





-> I checked with the ls command to list files





-> I got a Perl reverse shell command to get a shell





-> I ran the command and got a shell back





-> I got my first flag from the same directory
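
The two leaks used in the steps above (a username left in an HTML comment and a stray string in robots.txt) can be caught by scanning a site's own files before they are published. This is an added example, not part of the original write-up; the keyword list and the sample inputs are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Words that suggest a comment carries account details (assumed list, tune per site).
SENSITIVE = re.compile(r"\b(user(name)?|pass(word|wd)?|login|secret|token|key)\b", re.I)
# robots.txt lines are "field: value", comments or blanks; anything else is unexpected.
ROBOTS_FIELD = re.compile(r"^\s*(user-agent|allow|disallow|sitemap|crawl-delay|host)\s*:", re.I)


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def audit_html(html):
    """Return the comments that mention credential-like words."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return [c for c in parser.comments if SENSITIVE.search(c)]


def audit_robots(text):
    """Return robots.txt lines that are not directives, comments or blanks."""
    findings = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not ROBOTS_FIELD.match(stripped):
            findings.append(stripped)
    return findings


# Constructed sample inputs (placeholders, not values from the room).
SAMPLE_HTML = """<html><body><h1>Help needed</h1>
<!-- layout fix pending -->
<!-- TODO remove before launch
     Username: EXAMPLE_USER -->
</body></html>"""
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /assets/\nEXAMPLE_LEAKED_STRING\n"

if __name__ == "__main__":
    print(audit_html(SAMPLE_HTML), audit_robots(SAMPLE_ROBOTS))
```

Run it over the rendered pages and robots.txt in a build or CI step and fail the build when either function returns a finding.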





Root Part:



-> I got the second flag from the /home/rick directory





-> I checked for the commands that I can run as root, and as you can see, I can run all commands as root. From the root directory I got the final flag