UnderTheWire Groot Guide

Here's how to solve Groot level 13 → 14.


Access

SSH: ssh groot13@groot.underthewire.tech -p 22

Password: airwolf

Info

The password for groot14 is the name of the Registered Owner of this system as depicted in the Registry PLUS the name of the file on the desktop.

NOTE:
– If the Registered Owner is “Elroy” and the file on the desktop is named “_bob”, the password would be “elroy_bob”.
– The password will be lowercase no matter how it appears on the screen.

Theory

As the description says, we need the registered owner of the system as recorded in the registry. We can get it by opening the registry key and reading the property named RegisteredOwner. That's about it; it's a short one. Pair that command with dir to get the second part of the password, which is the name of the file on the desktop:

dir
Get-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Get-ItemProperty -Name "RegisteredOwner"

Solution

Now that we are inside the shell, we can get the other part of the password with dir:

PS C:\users\Groot13\desktop> dir


    Directory: C:\users\Groot13\desktop


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/30/2018  10:51 AM              0 _ned

Now let's run the other command to get the first half of the password:

PS C:\users\Groot13\desktop> Get-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Get-ItemProperty -Name "RegisteredOwner"


RegisteredOwner : UTW_Team
PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
PSChildName     : CurrentVersion
PSProvider      : Microsoft.PowerShell.Core\Registry

Now just take the RegisteredOwner value, make it lowercase, and join it with the file name. That gives us this password:

utw_team_ned

And that's the password! Now we should be good to go to the next level.
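The two steps above combined into one function, as an added example that is not part of the original guide. The function name Get-GrootCandidate and its parameter names are hypothetical; the registry path is the one used in the guide, and the folder defaults to the current directory because the guide runs dir from the desktop.

```powershell
# Added example: builds the level password from the two sources the guide uses.
# Get-GrootCandidate is a hypothetical name, not a built-in cmdlet.
function Get-GrootCandidate {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
        [string]$DesktopPath = '.'   # assumption: run from the desktop folder, as in the guide
    )

    # Get-ItemProperty returns an object that also carries PSPath, PSProvider, etc.
    # Selecting the member by name leaves only the string value.
    $owner = (Get-ItemProperty -Path $KeyPath -Name 'RegisteredOwner' -ErrorAction Stop).RegisteredOwner
    if ([string]::IsNullOrEmpty($owner)) {
        throw "RegisteredOwner is empty under $KeyPath"
    }

    # -File skips sub-directories so only file names are considered.
    $files = @(Get-ChildItem -Path $DesktopPath -File)
    if ($files.Count -ne 1) {
        throw "Expected exactly one file in '$DesktopPath', found $($files.Count)"
    }

    # The level states the password is lowercase no matter how it appears on screen.
    ($owner + $files[0].Name).ToLowerInvariant()
}

Get-GrootCandidate
```

The function throws instead of guessing when the value is missing or the folder holds more than one file, so an unexpected layout is visible immediately.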

https://underthewire.tech/groot-13