UnderTheWire Groot Guide

Here's how to solve Groot level 1 → 2.


Access

SSH: ssh groot1@groot.underthewire.tech -p 22

Password: groot1

Info

The password for groot2 is the last five alphanumeric characters of the MD5 hash of this system’s hosts file.

NOTE:
– The password will be lowercase no matter how it appears on the screen.

IMPORTANT:
Once you feel you have completed the Groot1 challenge, start a new connection to the server, and log in with the username of Groot2 and this password will be the answer from Groot1. If successful, close out the Groot1 connection and begin to solve the Groot2 challenge. This concept is repeated over and over until you reach the end of the game.

Theory

To get the password we'll use the session from the previous level and compute the MD5 hash of the system's hosts file. This all sounded easy until I remembered that I have no clue how to use MD5 in PowerShell, although I do know how to in CMD. So for this challenge we are going to drop into Windows CMD and use certutil, which is the only way I know to get the hash of a file in Windows shells; its -hashfile option hashes a file with the algorithm we name, MD5 here. All we need now is the location of the system hosts file, and a quick look through the Windows documentation tells us it's in drivers/etc/hosts inside System32. Here's the command; we'll fill in the file path later:

cmd
certutil -hashfile FileName.ext MD5

Solution

Because we're already inside the PowerShell session from the previous level, we can go straight into CMD:

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

Under the Wire... PowerShell Training for the People!
PS C:\users\Groot1\desktop> cmd

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\users\Groot1\desktop>

Perfect, it does let us go into CMD. Now let's run that certutil command and see if we get the hash:

C:\users\Groot1\desktop>certutil -hashfile C:\Windows\System32\drivers\etc\hosts MD5
MD5 hash of file C:\Windows\System32\drivers\etc\hosts:
6eec08310bd5328ffc8fb72cd8e464c3
CertUtil: -hashfile command completed successfully.

There we go, we got the MD5 hash of the system's hosts file. Now let's take the last five characters; they're already lowercase, so we have:

464c3

And that's the password! Now we should be good to go to the next level.
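
For the PowerShell route that the Theory section skips, here is an added example (not part of the original guide or of UnderTheWire) that uses the built-in Get-FileHash cmdlet, available in PowerShell 4.0 and later, to hash the hosts file and return the last five characters in lowercase. The function name Get-HashSuffix and its parameters are made up for this illustration; it also accepts a hash string already printed by another tool, since Get-FileHash prints uppercase hex and the level expects lowercase.

```powershell
# Added example, not from the original guide. Get-HashSuffix is a made-up helper name.
function Get-HashSuffix {
    [CmdletBinding(DefaultParameterSetName = 'File')]
    param(
        # File to hash with Get-FileHash
        [Parameter(Mandatory, Position = 0, ParameterSetName = 'File')]
        [string]$Path,

        # Or: a hash string already printed by another tool (for example certutil)
        [Parameter(Mandatory, ParameterSetName = 'Text')]
        [string]$HashText,

        [Parameter(ParameterSetName = 'File')]
        [ValidateSet('MD5', 'SHA1', 'SHA256')]
        [string]$Algorithm = 'MD5',

        [ValidateRange(1, 32)]
        [int]$Length = 5
    )

    if ($PSCmdlet.ParameterSetName -eq 'File') {
        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            throw "Not a file: $Path"
        }
        # Get-FileHash returns the digest as an UPPERCASE hex string in .Hash
        $HashText = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm -ErrorAction Stop).Hash
    }

    # Drop separators and whitespace, keep only alphanumerics, and force lowercase
    $clean = ($HashText -replace '[^0-9A-Za-z]', '').ToLowerInvariant()
    if ($clean.Length -lt $Length) {
        throw "Hash text has fewer than $Length alphanumeric characters"
    }
    $clean.Substring($clean.Length - $Length)
}

# The hosts file from this level
Get-HashSuffix -Path "$env:SystemRoot\System32\drivers\etc\hosts"

# Same normalisation applied to the hash string certutil printed in the walkthrough above
Get-HashSuffix -HashText '6eec08310bd5328ffc8fb72cd8e464c3'
```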

https://underthewire.tech/groot-1