UnderTheWire Groot Guide

here's how to solve the Groot level 9 → 10

Back to the Groot Guides

Previous Level Guide: Groot Level 8 → 9


Access

SSH: ssh groot9@groot.underthewire.tech -p 22

Password: call_me_starlord

Info

The password for groot10 is the name of the OU that doesn’t have accidental deletion protection enabled PLUS the name of the file on the desktop.

NOTE:
– If the name of the OU is called “blue” and the file on the desktop is named “_bob”, the password would be “blue_bob”.
– The password will be lowercase no matter how it appears on the screen.

Theory

To get the password, as the description says, we're told to find the OU of the object that specifically doesn't have accidental deletion. So to find this object in the first place, we need to know what the name of this accidental deletion property or whatever it is, so we can search through everything searching for a member with "delet" in the name, we don't know if it might be `deletion` or `delete`, then when we get the name of this thing, we can search for the places that specifically don't have this property. And finally, the dir command to get the name of the file in the desktop. And the commands are:

dir
Get-ADOrganizationalUnit -Filter * -Properties * | Get-Member -Name '*delet*'
Get-ADOrganizationalUnit -Filter * -Properties <name> | Where-Object {-not $_.<name>}

Solution

Now that we are inside the shell, we can see what the second part of the command is with dir:

PS C:\users\Groot9\desktop> dir


    Directory: C:\users\Groot9\desktop


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/30/2018  10:51 AM              0 _tester

Now we can use the second command to know which deletion object it might be:

PS C:\users\Groot9\desktop> Get-ADOrganizationalUnit -Filter * -Properties * | Get-Member -Name '*delet*'


   TypeName: Microsoft.ActiveDirectory.Management.ADOrganizationalUnit

Name                            MemberType Definition
----                            ---------- ----------
Deleted                         Property   System.Boolean Deleted {get;}
isDeleted                       Property   System.Boolean isDeleted {get;}
ProtectedFromAccidentalDeletion Property   System.Boolean ProtectedFromAccidentalDeletion {get;set;}

Now just grab that one about accidental deletion, and put it on the third command:

PS C:\users\Groot9\desktop> Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | Where-Object {-not $_.ProtectedFromAccidentalDeletion}


City                            :
Country                         :
DistinguishedName               : OU=T-25,OU=X-Wing,DC=underthewire,DC=tech
LinkedGroupPolicyObjects        : {cn={49401C32-4145-463F-B5E7-816926D4F78D},cn=policies,cn=system,DC=underthewire,DC=tech}
ManagedBy                       :
Name                            : T-25
ObjectClass                     : organizationalUnit
ObjectGUID                      : fc15c303-dd9a-4c44-a941-314cc6fdd394
PostalCode                      :
ProtectedFromAccidentalDeletion : False
State                           :
StreetAddress                   :

Now just get that OU in lowercase, and join it with the name of the file in the desktop:

t-25_tester

And that's the password! Now we should be good to go to the next level.

https://underthewire.tech/groot-9
Next Level Guide: Groot Level 10 → Level 11