Underthewire Century 2->3 Write Up
Credit: coursesity.com

Hello World, today we will crack underthewire Century 2->3.

Level Objective: Getting password for Century3

PowerShell concepts discussed: PowerShell cmdlets (pronounced "command-lets") and navigating in a directory.

Hint: Password for Century3 is the name of the built-in cmdlet that performs the wget-like function within PowerShell PLUS the name of the file on the desktop.

N.B. A cmdlet is simply a small script that is intended to perform a single specific function, such as copying files or changing directories. PowerShell has three core cmdlets, which are Get-Command, Get-Help and Get-Member.

Wget is a command line tool used to retrieve content and files from web servers.

Getting started: Using the PowerShell cmdlet Get-Command, we can list all commands that are installed in the system.

Steps:

1. Make sure we are connected to the server using credentials from century1->2.

2. From the path C:\users\century2\desktop, running the command Get-Command gives us a massive list of all commands installed in the system, with their type, version and source.

PS C:\users\century2\desktop> get-command

CommandType      Name            Version       Source
-----------      ----            -------       ------
-----------      ----            -------       ------
-----------      ----            -------       ------
-----------      ----            -------       ------        

Scrolling up and down in the list, we will find a cmdlet called Invoke-WebRequest, which is what we are looking for.

3. Next, run either the dir or the ls command (PowerShell can run both) to list the files in the current directory and get the file name for our password.

PS C:\users\century2\desktop> ls

Directory: C:\users\century2\desktop

Mode                LastWriteTime         Length    Name
----                -------------         ------    ----
-a----         8/30/2018 3:29 AM            693      443        

4. Concatenating the cmdlet and the file name, our password becomes:

invoke-webrequest443        

5. Open another terminal and run the following ssh command and enter the password when prompted.

ssh [email protected] -p 22        

If your current path changes to PS C:\users\century3\desktop> then congrats, we got it right!

Remember that we always use lowercase letters in a password, no matter how they appear in the terminal.
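
Steps 2 to 4 as one PowerShell function, added here as an example and not part of the original write-up: it filters the Get-Command output instead of scrolling through it, reads the file name from the desktop, and lowercases the result. The function name Get-Century3Password and the '*Web*' noun filter are assumptions made for this example, and the wget alias check assumes Windows PowerShell 5.1, where that alias exists.

```powershell
# Added example, not from the original write-up.
# Assumptions: run inside the century2 session; the desktop holds exactly one file.
function Get-Century3Password {
    param(
        # Desktop path as shown in the prompt in the steps above
        [string]$Desktop = 'C:\users\century2\desktop'
    )

    # Windows PowerShell 5.1 ships 'wget' as an alias, so its definition names
    # the cmdlet directly. PowerShell 7 removed the alias, hence the fallback.
    $alias = Get-Alias -Name wget -ErrorAction SilentlyContinue
    if ($alias) {
        $cmdlet = $alias.Definition
    } else {
        # Narrow the list to cmdlets whose noun mentions "Web", then keep the
        # one that issues a web request.
        $cmdlet = (Get-Command -CommandType Cmdlet -Noun '*Web*' |
            Where-Object Name -like '*WebRequest').Name
    }
    if (@($cmdlet).Count -ne 1 -or -not $cmdlet) {
        throw "Expected exactly one wget-like cmdlet, found: $($cmdlet -join ', ')"
    }

    # The second half of the password is the name of the only file on the desktop.
    $files = @(Get-ChildItem -Path $Desktop -File)
    if ($files.Count -ne 1) {
        throw "Expected exactly one file in $Desktop, found $($files.Count)"
    }

    # Passwords in this wargame are always lowercase.
    return ('{0}{1}' -f $cmdlet, $files[0].Name).ToLower()
}

Get-Century3Password
```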

After a non-commercial break we will proceed to Century3->4.

Till then, keep learning and getting your hands dirty!

If you enjoy this kind of stuff, we can be friends on: https://medium.com/@security_boy
