Oracle 0 -> 5
Oracle 0 -> 1
Grab creds from the slack and login via SSH:
ssh oracle1@oracle.underthewire.tech
Password: oracle1
Oracle 1 -> 2
The password for oracle2 is the timezone in which this system is set to.
Get-TimeZone
Password: utc
Oracle 2 -> 3
The password for oracle3 is the last five digits of the MD5 hash, from the hashes of files on the desktop that appears twice.
Get-FileHash -Algorithm MD5 * | Sort-Object -Property Hash
Password: 2f5c4
Oracle 3 -> 4
The password for oracle4 is the date that the system logs were last wiped as depicted in the event logs on the desktop.
Get-WinEvent -Path .\Oracle3_Security.evtx
Password: 05/09/2017
Oracle 4 -> 5
The password for oracle5 is the name of the GPO that was last created PLUS the name of the file on the user’s desktop.
Get-GPO -All -Domain "underthewire.tech" | select displayname,creationtime
Password: alpha83
Last updated
Was this helpful?