Hacking with powershell
Task 1 - Objectives
Q1. Read the above and deploy the machine!
No Answer Needed
Task 2 - What is Powershell?
Q1. What is the command to get a new object?
Answer: Get-New
Task 3 - Basic Powershell Commands
Q1. What is the location of the file "interesting-file.txt"?
- We have to find a file with a specific name.
- Use the following command, which iterates over each directory under the given path looking for the given filename.

Answer: C:\Program Files
Q2. Specify the contents of this file
- Now we know the directory of the file. Change to that directory using the Set-Location cmdlet.
- Then run the following command to get the content of the given file.

Answer: notsointerestingcontent
Q3. How many cmdlets are installed on the system(only cmdlets, not functions and aliases)?
Get-Command | Where-Object {$_.CommandType -eq "Cmdlet"} | Measure-Object

Answer: 6638
Q4. Get the MD5 hash of interesting-file.txt
Get-FileHash -Algorithm MD5 .\interesting-file.txt.txt

Answer: 49A586A2A9456226F8A1B4CEC6FAB329
Q5. What is the command to get the current working directory?
Answer: Get-Location
Q6. Does the path "C:\Users\Administrator\Documents\Passwords" Exist (Y/N)?
- Run the Set-Location cmdlet on the given location; it returns an error, meaning the directory doesn't exist.

Answer: N
Q7. What command would you use to make a request to a web server?
Answer: Invoke-WebRequest
Q8. Base64 decode the file b64.txt on Windows.
- Change the current location to the directory containing the given Base64-encoded text file, which is on the Desktop.

Answer: ihopeyoudidthisonwindows
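The Task 3 steps (locate a file by name, hash it, check a path, decode a Base64 file) as an added example; this is not code from the original walkthrough. The function names, the default search root `C:\` and the `$env:USERPROFILE\Desktop` location of b64.txt are assumptions; the file names come from the questions above.

```powershell
# Added example (not from the original walkthrough). Function names are hypothetical.

function Find-FileByName {
    param(
        [Parameter(Mandatory)] [string] $Name,   # wildcard pattern, e.g. 'interesting-file.txt*'
        [string] $Root = 'C:\'                   # assumption: search the whole system drive
    )
    # -Filter is evaluated by the filesystem provider; access-denied errors
    # from protected directories are suppressed so the walk can continue.
    Get-ChildItem -Path $Root -Filter $Name -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Directory = $_.DirectoryName
                FullName  = $_.FullName
                # Get-FileHash defaults to SHA256, so MD5 must be requested explicitly.
                MD5       = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
            }
        }
}

function ConvertFrom-Base64File {
    param([Parameter(Mandatory)] [string] $Path)
    # Read the file as a single string and drop line breaks and other whitespace.
    $encoded = (Get-Content -LiteralPath $Path -Raw) -replace '\s', ''
    try {
        $bytes = [System.Convert]::FromBase64String($encoded)
    } catch {
        throw "File '$Path' does not contain valid Base64: $($_.Exception.Message)"
    }
    # Assumption: the decoded bytes are UTF-8 text.
    [System.Text.Encoding]::UTF8.GetString($bytes)
}

# Q1 and Q4: directory and MD5 of the file in one pass
Find-FileByName -Name 'interesting-file.txt*' | Format-List

# Q6: Test-Path returns $true or $false instead of raising an error like Set-Location
Test-Path -LiteralPath 'C:\Users\Administrator\Documents\Passwords'

# Q8: decode the Base64 file (Desktop path is an assumption)
ConvertFrom-Base64File -Path (Join-Path $env:USERPROFILE 'Desktop\b64.txt')
```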
Task 4 - Enumeration
Q1. How many users are there on the machine?
(Get-LocalUser).count

Answer: 5
Q2. Which local user does this SID(S-1-5-21-1394777289-3961777894-1791813945-501) belong to?
Get-LocalUser | Select-Object * | Where-Object {$_.SID -eq "S-1-5-21-1394777289-3961777894-1791813945-501"}

Answer: Guest
Q3. How many users have their password required values set to False?
Get-LocalUser | Select-Object * | Where-Object {$_.PasswordRequired -eq $false} | Measure-Object

Answer: 4
Q4. How many local groups exist?
Get-LocalGroup | Measure-Object

Answer: 24
Q5. What command did you use to get the IP address info?
Answer: Get-NetIPAddress
Q6. How many ports are listed as listening?
Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"} | Measure-Object

Answer: 20
Q7. What is the remote address of the local port listening on port 445?
Get-NetTCPConnection | Where-Object {$_.LocalPort -eq 445}

Answer: ::
Q8. How many patches have been applied?
Get-HotFix | Measure-Object

Answer: 20
Q9. When was the patch with ID KB4023834 installed?
Get-HotFix | Where-Object {$_.HotFixID -eq "KB4023834"}

Answer: 6/15/2017 12:00:00 AM
Q10. Find the contents of a backup file.
Get-ChildItem "*.bak*" -Recurse -ErrorAction SilentlyContinue -Path C:\ | Get-Content

Answer: backpassflag
Q11. Search for all files containing API_KEY
Get-ChildItem -Path C:\Users -Recurse -ErrorAction SilentlyContinue | Select-String "API_KEY"

Answer: fakekey123
Q12. What command do you do to list all the running processes?
Answer: Get-Process
Q13. What is the path of the scheduled task called new-sched-task?
(Get-ScheduledTask | Where-Object {$_.TaskName -eq "new-sched-task"}).TaskPath
Answer: /
Q14. Who is the owner of the C:\
(Get-Acl "C:\").Owner

Answer: NT SERVICE\TrustedInstaller
Task 5 - Basic Scripting Challenge
Q1. What file contains the password?
Get-ChildItem -Recurse -ErrorAction SilentlyContinue | Select-String "password"

Answer: Doc3M
Q2. What is the password?
Answer: johnisalegend99
Q3. What files contain an HTTPS link?
Get-ChildItem -Recurse -ErrorAction SilentlyContinue | Select-String "https"

Answer: Doc2Mary
Task 6 - Intermediate Scripting
Q1. How many open ports did you find between 130 and 140(inclusive of those two)?
Answer: 11