Vincent Yiu
Under the wire: Trebek — Walkthrough


Last updated 2 years ago

Trebek, by Under the Wire, can be found at underthewire.tech

!!! WARNING: Spoilers !!!

Trebek 1 -> 2

Get-WinEvent -Path .\Security.evtx -Verbose | Where-Object {$_.Id -eq 4699} | Select -ExpandProperty message

Read the value from the or use findstr Command

Trebek 2 -> 3

sc.exe qc C-3PO

Trebek 3 -> 4

Get-WinEvent -path .\Security.evtx | where {$_.id -eq 4624 -and $_.message -match "Account Name:\s+Yoda"} | select -expandproperty message

Trebek 4 -> 5

dir C:\windows\prefetch\MSACCESS*

Trebek 5 -> 6

get-childitem -path "HKLM:\Software\Microsoft\Windows\CurrentVersion\"

Read the Run key value

Trebek 6 -> 7

cd "C:\Program Files (x86)\Adobe"

Get-ChildItem *.dll -Recurse | group Extension -NoElement

Trebek 7 -> 8

Get-ChildItem -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

Trebek 8 -> 9

get-content -encoding Byte -totalcount 8 -path .\Clone_Trooper_data.pdf

Trebek 9 -> 10

get-WmiObject -class Win32_Share

Trebek 10 -> 11

get-winevent -path .\Security.evtx | Where {$_.id -eq 4722} | Select -ExpandProperty message

Trebek 11 -> 12

get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message

Trebek 12 -> 13

get-winevent -path .\Security.evtx | Where {$_.id -eq 4720} | Select -ExpandProperty message

Trebek 13 -> 14

get-aduser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City

Trebek 14 -> 15

get-aduser -Filter * -Properties City | Select -Property Name,City | Select -ExpandProperty City

[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("blahblah"))
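
The Security.evtx levels above pipe every event through Where-Object and match on the rendered message text. As an added example (not part of the original walkthrough), the same lookups can filter by event ID while the file is read and compare named EventData fields instead of message text. The function name, its parameters and the use of the TargetUserName field for the 4624 lookup are assumptions made for this example.

```powershell
# Added example, not from the walkthrough. Get-SecurityEventField and its
# parameters are hypothetical names chosen for illustration.
function Get-SecurityEventField {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # exported .evtx file
        [Parameter(Mandatory)] [int[]]  $Id,     # e.g. 4624, 4699, 4720, 4722
        [hashtable] $Match = @{}                 # EventData field name -> regex
    )

    if (-not (Test-Path -LiteralPath $Path)) { throw "Log file not found: $Path" }

    # -FilterHashtable applies the ID filter while the log is read, so events
    # with other IDs never reach the pipeline.
    $events = Get-WinEvent -FilterHashtable @{ Path = $Path; Id = $Id } -ErrorAction SilentlyContinue

    foreach ($evt in $events) {
        # Flatten <EventData><Data Name="...">value</Data></EventData> into
        # one object per event so fields can be compared individually.
        $fields = [ordered]@{ TimeCreated = $evt.TimeCreated; Id = $evt.Id }
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $fields[$d.Name] = $d.'#text' }
        }

        # Keep the event only if every requested field matches its pattern.
        $keep = $true
        foreach ($name in $Match.Keys) {
            if ("$($fields[$name])" -notmatch $Match[$name]) { $keep = $false; break }
        }
        if ($keep) { [pscustomobject]$fields }
    }
}

# Logon events (4624) where the logged-on account is exactly Yoda.
# TargetUserName as the field to match is an assumption for this example.
Get-SecurityEventField -Path .\Security.evtx -Id 4624 -Match @{ TargetUserName = '^Yoda$' }
```

Matching an anchored pattern against a single field avoids hits on other accounts whose names merely start with the same string, which the message regex above would also return.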

Conclusion

Special thanks to Fernando Tomlinson @Wired_Pulse for creation of this game.
