Skip to content

Hacking with PowerShell Banner

Hacking with PowerShell Logo

Hacking with PowerShell

This guide contains the answer and steps necessary to get to them for the Hacking with PowerShell room.

Table of contents

What is Powershell?

  1. What is the command to get a new object?

We will use a verb to describe what we want to do and then a noun describing what we want to do it to.

Click for answerget-new

Basic Powershell Commands

  1. What is the location of the file "interesting-file.txt"

For this we can use 'Get-ChildItem' and specify the path and filename we want to look for.

Get-ChildItem -Path C:\ -Recurse -File -Include *interesting-file* -ErrorAction SilentlyContinue

BASIC COMMANDS LOCATION

Click for answerC:\Program FIles

  1. Specify the contents of this file

Viewing the contents can be done with the 'Get-Content' command.

Get-Content -Path "C:\Program Files\interesting-file.txt.txt"

BASIC COMMANDS CONTENT

Click for answernotsointerestingcontent

  1. How many cmdlets are installed on the system(only cmdlets, not functions and aliases)?

'Get-Command' can be used to view the installed cmdlets. However, we must also filter to only show cmdlets. This can be done by piping the output to 'Where-Object'.

Get-Command | Where-Object -Property CommandType -eq Cmdlet | Measure

BASIC COMMANDS CMDLETS

Click for answer6638

  1. Get the MD5 hash of interesting-file.txt

The file hash can be obtained using 'Get-FileHash'.

Get-FileHash -Algorithm MD5 -Path "C:\Program Files\interesting-file.txt.txt"

BASIC COMMANDS HASH

Click for answer49A586A2A9456226F8A1B4CEC6FAB329

  1. What is the command to get the current working directory?

BASIC COMMANDS DIRECTORY

Click for answerGet-Location

  1. Does the path "C:\Users\Administrator\Documents\Passwords" Exist (Y/N)?

We can simply try to view the contents of this directory to see if it exists.

Get-ChildItem -Path "C:\Users\Administrator\Documents\Passwords"

BASIC COMMANDS EXIST

Click for answerN

  1. What command would you use to make a request to a web server?

Using 'Get-Command' we can look for the correct command.

BASIC COMMANDS REQUEST

Click for answerInvoke-WebRequest

  1. Base64 decode the file b64.txt on Windows.

After getting the contents of the file, we can decode the base64 encoded string using CyberChef.

Get-ChildItem -Path C:\ -File -Recurse -Include *b64.txt -ErrorAction SilentlyContinue
 Get-Content C:\Users\Administrator\Desktop\b64.txt

BASIC COMMANDS B64

BASIC COMMANDS FLAG

Click for answerihopeyoudidthisonwindows

Enumeration

  1. How many users are there on the machine?

Click for answer

  1. Which local user does this SID(S-1-5-21-1394777289-3961777894-1791813945-501) belong to?

Click for answer

  1. How many users have their password required values set to False?

Click for answer

  1. How many local groups exist?

Click for answer

  1. What command did you use to get the IP address info?

Click for answer

  1. How many ports are listed as listening?

Click for answer

  1. What is the remote address of the local port listening on port 445?

Click for answer

  1. How many patches have been applied?

Click for answer

  1. When was the patch with ID KB4023834 installed?

Click for answer

  1. Find the contents of a backup file.

Click for answer

  1. Search for all files containing API_KEY

Click for answer

  1. What command do you do to list all the running processes?

Click for answer

  1. What is the path of the scheduled task called new-sched-task?

Click for answer

  1. Who is the owner of the C:\

Click for answer

Basic Scripting Challenge

  1. What file contains the password?

Click for answer

  1. What is the password?

Click for answer

  1. What files contains an HTTPS link?

Click for answer

Intermediate Scripting

  1. How many open ports did you find between 130 and 140(inclusive of those two)?

Click for answer