Groot 5 -> 10
Groot 5 -> 6
The password for groot6 is the name of the workstation that the user with a username of “baby.groot” can log into as depicted in Active Directory PLUS the name of the file on the desktop
Get-AdUser -Filter "SamAccountName -eq 'baby.groot'" -Property LogonWorkstations
Password: wk11_enterprise
Groot 6 -> 7
The password for groot7 is the name of the program that is set to start when this user logs in PLUS the name of the file on the desktop.
Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion
Look for the 'run' key
Password: star-lord_rules
Groot 7 -> 8
The password for groot8 is the name of the dll, as depicted in the registry, associated with the “applockerfltr” service PLUS the name of the file on the desktop.
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\applockerfltr
Password: srpapi_home
Groot 8 -> 9
The password for groot9 is the description of the firewall rule blocking MySQL PLUS the name of the file on the desktop.
Get-NetFirewallRule -DisplayName MySQL | select Description
Password: call_me_starlord
Groot 9 -> 10
The password for groot10 is the name of the OU that doesn’t have accidental deletion protection enabled PLUS the name of the file on the desktop.
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -match $False} | select name
Password: t-25_tester
Last updated
Was this helpful?