Oracle 0 -> 5

Oracle 0 -> 1

Grab creds from the slack and login via SSH:

ssh oracle1@oracle.underthewire.tech
Password: oracle1

Oracle 1 -> 2

The password for oracle2 is the timezone in which this system is set to.

Get-TimeZone
Password: utc

Oracle 2 -> 3

The password for oracle3 is the last five digits of the MD5 hash, from the hashes of files on the desktop that appears twice.

Get-FileHash -Algorithm MD5 * | Sort-Object -Property Hash
Password: 2f5c4

Oracle 3 -> 4

The password for oracle4 is the date that the system logs were last wiped as depicted in the event logs on the desktop.

Get-WinEvent -Path .\Oracle3_Security.evtx
Password: 05/09/2017

Oracle 4 -> 5

The password for oracle5 is the name of the GPO that was last created PLUS the name of the file on the user’s desktop.

Get-GPO -All -Domain "underthewire.tech" | select displayname,creationtime
Password: alpha83
PreviousGroot 10 ->15NextOracle 5 -> 10

Last updated