# Cyborg 10 -> 15 ## Cyborg 10 -> 11 The password for cyborg11 is the description of the Applocker Executable deny policy for ill\_be\_back.exe **PLUS** the name of the file on the desktop. ``` Get-AppLockerPolicy -Effective -Xml ``` ``` Password: terminated!99 ``` ``` Additional useful stuff: 1. See examples: Get-Help Get-AppLockerPolicy -examples 2. Find location of a file: Get-ChildItem -Path c:\ -Recurse *.exe -ErrorAction SilentlyContinue | ?{$_.name -eq "ill_be_back.exe"} ``` ## Cyborg 11 -> 12 The password for cyborg12 is located in the IIS log. The password is not Mozilla or Opera. ``` Find the IIS log file: Get-ChildItem -Path C:\ -Recurse *.log -ErrorAction SilentlyContinue | Select-String "Internet Information Services" -List | Select Path Finding the password: Get-Content C:\inetpub\logs\logfiles\w3svc1\u_ex160413.log | Select-String "password" -Exclude "Mozilla,Opera" ``` ``` Password: spaceballs ``` {% hint style="warning" %} Dunno why the access denied errors won't hide, need to fix {% endhint %} ## Cyborg 12 -> 13 The password for cyborg13 is the first four characters of the base64 encoded full path to the file that started the i\_heart\_robots service **PLUS** the name of the file on the desktop. ``` Get-WmiObject win32_service | ?{$_.Name -like 'i_heart_robots'} | select pathname ``` ``` Password: yzpc_heart ``` ## Cyborg 13 -> 14 The password cyborg14 is the number of days the refresh interval is set to for DNS aging for the underthewire.tech zone **PLUS** the name of the file on the desktop. ``` Get-DnsServerZoneAging -ZoneName "underthewire.tech" ``` ``` Password: 22_days ``` {% hint style="info" %} Do with WMI later {% endhint %} ## Cyborg 14 -> 15 The password for cyborg15 is the caption for the DCOM application setting for application ID {59B8AFA0-229E-46D9-B980-DDA2C817EC7E} **PLUS** the name of the file on the desktop. ``` Get-WmiObject win32_DCOMApplicationSetting | ?{$_.AppID -eq '{59B8AFA0-229E-46D9-B980-DDA2C817EC7E}'} | select caption ``` ``` Password: propshts_objects ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cybertuna.gitbook.io/underthewire/cyborg/cyborg-10-greater-than-15.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.