Under the wire: Trebek — Walkthrough
Trebek, by Under the Wire, can be found at underthewire.tech
!!! WARNING: Spoilers !!!
Trebek 1 -> 2
Get-WinEvent -Path .\Security.evtx -Verbose | Where-Object {$_.Id -eq 4699} | Select -ExpandProperty message
Read the value from the or use findstr Command
Trebek 2 -> 3
sc.exe qc C-3PO
Trebek 3 -> 4
Get-WinEvent -path .\Security.evtx | where {$_.id -eq 4624 -and $_.message -match "Account Name:\s+Yoda"} | select -expandproperty message
Trebek 4 -> 5
dir C:\windows\prefetch\MSACCESS*
Trebek 5 -> 6
get-childitem -path "HKLM:\Software\Microsoft\Windows\CurrentVersion\"
Read the Run key value
Trebek 6 -> 7
cd "C:\Program Files (x86)\Adobe"
Get-ChildItem *.dll -Recurse | group Extension -NoElement
Trebek 7 -> 8
Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
Trebek 8 -> 9
get-content -encoding Byte -totalcount 8 -path .\Clone_Trooper_data.pdf
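The Trebek 8 -> 9 step reads the first 8 bytes of a file. As an added example (not part of the original walkthrough or the game), the function below reads a file header and matches it against a small signature table, which shows when a file's extension and content disagree. The names Get-FileType and $Signatures, the sample file names and the temp directory are assumptions made for this example.

```powershell
# Added example: identify a file type from its header bytes ("magic numbers").
# The table is a small constructed subset of well-known signatures.
$Signatures = [ordered]@{
    'PDF document'      = [byte[]](0x25,0x50,0x44,0x46,0x2D)                 # %PDF-
    'PNG image'         = [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A)
    'ZIP / OOXML / JAR' = [byte[]](0x50,0x4B,0x03,0x04)                      # PK..
    'Windows PE (MZ)'   = [byte[]](0x4D,0x5A)                                # MZ
}

function Get-FileType {
    param([Parameter(Mandatory)][string]$Path, [int]$Count = 8)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # A stream read works on Windows PowerShell 5.1 and on PowerShell 7+,
    # where Get-Content -Encoding Byte was replaced by -AsByteStream.
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $buffer = New-Object byte[] $Count
        $read = $stream.Read($buffer, 0, $Count)   # may be < $Count for short files
    } finally { $stream.Dispose() }

    $type = 'unknown'
    foreach ($name in $Signatures.Keys) {
        $sig = $Signatures[$name]
        if ($read -lt $sig.Length) { continue }    # file shorter than this signature
        # Compare hex strings; -eq on two arrays filters instead of comparing.
        if ([BitConverter]::ToString($buffer, 0, $sig.Length) -eq [BitConverter]::ToString($sig)) {
            $type = $name
            break
        }
    }
    [pscustomobject]@{
        Path      = $full
        Extension = [System.IO.Path]::GetExtension($full)
        Header    = if ($read -gt 0) { [BitConverter]::ToString($buffer, 0, $read) } else { '' }
        Type      = $type
    }
}

# Constructed samples: a genuine PDF header, and a PE header behind a .pdf name.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'header-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$pdfBytes = [byte[]](0x25,0x50,0x44,0x46,0x2D,0x31,0x2E,0x37)
$peBytes  = [byte[]](0x4D,0x5A,0x90,0x00,0x03,0x00,0x00,0x00)
[System.IO.File]::WriteAllBytes((Join-Path $dir 'report.pdf'), $pdfBytes)
[System.IO.File]::WriteAllBytes((Join-Path $dir 'invoice.pdf'), $peBytes)

Get-ChildItem -LiteralPath $dir -File |
    ForEach-Object { Get-FileType -Path $_.FullName } |
    Format-Table Extension, Header, Type -AutoSize
```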
Trebek 9 -> 10
get-WmiObject -class Win32_Share
Trebek 10 -> 11
get-winevent -path .\Security.evtx | Where {$_.id -eq 4722} | Select -ExpandProperty message
Trebek 11 -> 12
get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message
Trebek 12 -> 13
get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message
Trebek 13 -> 14
get-aduser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City
Trebek 14 -> 15
get-aduser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("blahblah"))
Conclusion
Special thanks to Fernando Tomlinson @Wired_Pulse for creation of this game.