Vincent Yiu
Under the wire: Trebek — Walkthrough
Trebek, by Under the wire can be found at underthewire.tech
!!! WARNING: Spoilers !!!
Trebek 1 -> 2
Get-WinEvent -Path .\Security.evtx -Verbose | Where-Object {$_.Id -eq 4699} | Select -ExpandProperty message
Read the value from the message output, or filter the output with findstr.
Trebek 2 -> 3
sc.exe qc C-3PO
Trebek 3 -> 4
Get-WinEvent -Path .\Security.evtx | Where {$_.Id -eq 4624 -and $_.Message -match "Account Name:\s+Yoda"} | Select -ExpandProperty Message
Trebek 4 -> 5
dir C:\windows\prefetch\MSACCESS*
Trebek 5 -> 6
Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\"
Read the value under the Run key.
Trebek 6-> 7
cd "C:\Program Files (x86)\Adobe"
Get-ChildItem *.dll -Recurse | group Extension -NoElement
Trebek 7 -> 8
Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
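Levels 5 and 7 both ask you to read autostart locations by hand. The following is an added example, not part of the original walkthrough: it lists every value under the Run/RunOnce keys and every Image File Execution Options subkey that carries a Debugger value, which is the setting that redirects a program launch to another executable. The key paths are the standard ones; no target names are assumed.

```powershell
# Added example: enumerate Run/RunOnce autostart values and IFEO Debugger entries.
# Reading these keys works as a normal user; only writing needs elevation.

function Get-RunKeyEntries {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        # PSPath, PSParentPath etc. are PowerShell bookkeeping, not registry values
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-IfeoDebuggers {
    $base = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        # Each subkey is named after the executable it applies to (e.g. "notepad.exe")
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Target = $_.PSChildName; Debugger = $dbg }
        }
    }
}

Get-RunKeyEntries  | Format-Table -AutoSize
Get-IfeoDebuggers  | Format-Table -AutoSize
```

Most machines have a handful of legitimate Run entries and no IFEO Debugger values at all, so any Debugger entry is worth reading closely.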
Trebek 8 -> 9
Get-Content -Encoding Byte -TotalCount 8 -Path .\Clone_Trooper_data.pdf
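The level 8 command dumps the first eight bytes so you can read the file header yourself. As an added example (not from the original walkthrough), the function below reads those bytes through a FileStream, so it works on both Windows PowerShell 5.1 and PowerShell 7 where the -Encoding Byte switch was replaced, and compares them with a small constructed table of well-known signatures to flag a file whose extension does not match its header.

```powershell
# Added example: read a file header and compare it with known magic bytes.
# The signature table is a small constructed subset, not a complete list.

function Get-FileSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Count = 8
    )
    $full = (Resolve-Path -Path $Path).Path
    $fs = [System.IO.File]::OpenRead($full)
    try {
        $buf = New-Object byte[] $Count
        $n = $fs.Read($buf, 0, $Count)
    } finally {
        $fs.Dispose()
    }
    if ($n -eq 0) {
        # Empty file: nothing to compare
        return [pscustomobject]@{ Path = $Path; HeaderHex = ''; HeaderText = ''; Detected = 'empty'; Mismatch = $false }
    }
    $bytes = $buf[0..($n - 1)]
    $hex   = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
    $text  = -join ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } })

    # Signature -> type name; order matters only when one prefix contains another
    $known = [ordered]@{
        'PNG'       = '89 50 4E 47 0D 0A 1A 0A'
        'PDF'       = '25 50 44 46'        # %PDF
        'ZIP/OOXML' = '50 4B 03 04'        # PK..
        'PE (MZ)'   = '4D 5A'              # MZ
        'GZIP'      = '1F 8B'
    }
    $detected = 'unknown'
    foreach ($k in $known.Keys) {
        if ($hex.StartsWith($known[$k])) { $detected = $k; break }
    }

    # What the extension claims the file is, for the mismatch check
    $byExt = @{ '.pdf' = 'PDF'; '.png' = 'PNG'; '.exe' = 'PE (MZ)'; '.dll' = 'PE (MZ)'
                '.docx' = 'ZIP/OOXML'; '.xlsx' = 'ZIP/OOXML'; '.zip' = 'ZIP/OOXML'; '.gz' = 'GZIP' }
    $ext      = [System.IO.Path]::GetExtension($Path).ToLower()
    $expected = $byExt[$ext]

    [pscustomobject]@{
        Path       = $Path
        HeaderHex  = $hex
        HeaderText = $text
        Detected   = $detected
        Mismatch   = [bool]($expected -and $expected -ne $detected)
    }
}

Get-FileSignature -Path .\Clone_Trooper_data.pdf | Format-List
```

A Mismatch of True with a header like "MZ" under a .pdf extension is the situation this level is built around: the extension is a label, the first bytes are what the file actually is.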
Trebek 9 -> 10
get-WmiObject -class Win32_Share
Trebek 10 -> 11
get-winevent -path .\Security.evtx | Where {$_.id -eq 4722} | Select -ExpandProperty message
Trebek 11 -> 12
get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message
Trebek 12 -> 13
get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message
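Levels 1, 3 and 10 to 12 all dump the raw Message text of Security events (4699, 4624, 4720, 4722) and leave you to read the answer out by eye. The following is an added example, not part of the original walkthrough: it pulls the labelled fields out of each message with a regular expression and emits objects, so the filtering you would otherwise do with findstr becomes a Where-Object on a property. It assumes Security.evtx in the current directory and the standard English field labels in the message body.

```powershell
# Added example: turn Security.evtx message text into objects with named fields.
# Field labels in the message look like "\tAccount Name:\t\tYoda"; the same label
# can appear twice in one event (Subject and New Logon / New Account), so all
# occurrences are kept, joined with " | ".

function ConvertFrom-SecurityEventMessage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int[]]$Id,
        [string[]]$Field = @('Account Name', 'Logon Type', 'Task Name', 'Security ID')
    )
    Get-WinEvent -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $Id -contains $_.Id } |
        ForEach-Object {
            $ev  = $_
            $out = [ordered]@{
                TimeCreated = $ev.TimeCreated
                Id          = $ev.Id
            }
            foreach ($f in $Field) {
                $pattern = "(?m)^\s*$([regex]::Escape($f)):\s*(.+?)\s*$"
                $matches = [regex]::Matches([string]$ev.Message, $pattern)
                # Property name without spaces, e.g. AccountName, LogonType
                $out[($f -replace ' ', '')] = @($matches | ForEach-Object { $_.Groups[1].Value }) -join ' | '
            }
            [pscustomobject]$out
        }
}

# Level 1 -> 2: scheduled task deletions (4699) with the task name as a column
ConvertFrom-SecurityEventMessage -Path .\Security.evtx -Id 4699 |
    Select-Object TimeCreated, AccountName, TaskName

# Level 3 -> 4: successful logons (4624) where Yoda appears as an account name
ConvertFrom-SecurityEventMessage -Path .\Security.evtx -Id 4624 |
    Where-Object { $_.AccountName -match 'Yoda' } |
    Select-Object TimeCreated, AccountName, LogonType

# Levels 10 -> 12: accounts created (4720) and enabled (4722); AccountName holds
# "creator | new account" because both sections use the same label
ConvertFrom-SecurityEventMessage -Path .\Security.evtx -Id 4720, 4722 |
    Select-Object TimeCreated, Id, AccountName
```

For a large log the Id filter is better done inside Get-WinEvent with -FilterHashtable than with Where-Object afterwards; the pipeline form is kept here because it mirrors the commands used in the walkthrough.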
Trebek 13 -> 14
Get-ADUser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City
Trebek 14 -> 15
Get-ADUser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("blahblah"))
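The last level hides the answer as a base64 string inside a user's City attribute, which the walkthrough decodes by pasting the value into FromBase64String. As an added example (not from the original walkthrough), the function below takes the City values as pipeline input, keeps only the ones that are syntactically valid base64 and decode to printable text, and shows the decoded string beside the raw one. The two sample values are constructed; the Get-ADUser call needs the ActiveDirectory RSAT module and a domain to talk to.

```powershell
# Added example: find and decode base64-looking values among AD user attributes.

function ConvertFrom-Base64IfValid {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][AllowEmptyString()][string]$Text
    )
    process {
        if ([string]::IsNullOrWhiteSpace($Text)) { return }
        # Valid base64: base64 alphabet, optional '=' padding, length a multiple of 4
        if ($Text -notmatch '^[A-Za-z0-9+/]+={0,2}$' -or ($Text.Length % 4) -ne 0) {
            return [pscustomobject]@{ Raw = $Text; Decoded = $null; IsBase64 = $false }
        }
        try {
            $bytes = [System.Convert]::FromBase64String($Text)
            $s     = [System.Text.Encoding]::UTF8.GetString($bytes)
            # An ordinary word such as "Tatooine" also passes the syntax check, so
            # only count it as base64 if the decoded bytes are printable text
            $printable = $s -match '^[\x20-\x7E\r\n\t]+$'
            [pscustomobject]@{ Raw = $Text; Decoded = $(if ($printable) { $s } else { $null }); IsBase64 = $printable }
        } catch {
            [pscustomobject]@{ Raw = $Text; Decoded = $null; IsBase64 = $false }
        }
    }
}

# Constructed sample: one plain city name, one base64-encoded string ("Hello there")
'Coruscant', 'SGVsbG8gdGhlcmU=' | ConvertFrom-Base64IfValid | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module)
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Get-ADUser -Filter * -Properties City |
        ForEach-Object { $_.City } |
        ConvertFrom-Base64IfValid |
        Where-Object IsBase64 |
        Format-Table -AutoSize
}
```

The printable-text check matters more than it looks: short alphabetic words of length 4, 8 or 12 are accepted by FromBase64String without error, and without the check they would show up as false hits.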
Conclusion
Special thanks to Fernando Tomlinson (@Wired_Pulse) for creating this game.
Last modified 3yr ago