Previous Level Guide: Groot Level 8 → 9
Access
SSH: ssh groot9@groot.underthewire.tech -p 22
Password: call_me_starlord
Info
The password for groot10 is the name of the OU that doesn’t have accidental deletion protection enabled PLUS the name of the file on the desktop. NOTE: – If the name of the OU is called “blue” and the file on the desktop is named “_bob”, the password would be “blue_bob”. – The password will be lowercase no matter how it appears on the screen.
Theory
To get the password, as the description says, we're told to find the OU of the object that specifically doesn't have accidental deletion. So to find this object in the first place, we need to know what the name of this accidental deletion property or whatever it is, so we can search through everything searching for a member with "delet" in the name, we don't know if it might be `deletion` or `delete`, then when we get the name of this thing, we can search for the places that specifically don't have this property. And finally, the dir command to get the name of the file in the desktop. And the commands are:
dir Get-ADOrganizationalUnit -Filter * -Properties * | Get-Member -Name '*delet*' Get-ADOrganizationalUnit -Filter * -Properties <name> | Where-Object {-not $_.<name>}
Solution
Now that we are inside the shell, we can see what the second part of the command is with dir:
PS C:\users\Groot9\desktop> dir Directory: C:\users\Groot9\desktop Mode LastWriteTime Length Name ---- ------------- ------ ---- -a---- 8/30/2018 10:51 AM 0 _tester
Now we can use the second command to know which deletion object it might be:
PS C:\users\Groot9\desktop> Get-ADOrganizationalUnit -Filter * -Properties * | Get-Member -Name '*delet*' TypeName: Microsoft.ActiveDirectory.Management.ADOrganizationalUnit Name MemberType Definition ---- ---------- ---------- Deleted Property System.Boolean Deleted {get;} isDeleted Property System.Boolean isDeleted {get;} ProtectedFromAccidentalDeletion Property System.Boolean ProtectedFromAccidentalDeletion {get;set;}
Now just grab that one about accidental deletion, and put it on the third command:
PS C:\users\Groot9\desktop> Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion | Where-Object {-not $_.ProtectedFromAccidentalDeletion} City : Country : DistinguishedName : OU=T-25,OU=X-Wing,DC=underthewire,DC=tech LinkedGroupPolicyObjects : {cn={49401C32-4145-463F-B5E7-816926D4F78D},cn=policies,cn=system,DC=underthewire,DC=tech} ManagedBy : Name : T-25 ObjectClass : organizationalUnit ObjectGUID : fc15c303-dd9a-4c44-a941-314cc6fdd394 PostalCode : ProtectedFromAccidentalDeletion : False State : StreetAddress :
Now just get that OU in lowercase, and join it with the name of the file in the desktop:
t-25_tester
And that's the password! Now we should be good to go to the next level.
https://underthewire.tech/groot-9Next Level Guide: Groot Level 10 → Level 11