UnderTheWire Cyborg Guide

Here's how to solve Cyborg level 10 → 11.


Access

SSH: ssh cyborg10@cyborg.underthewire.tech -p 22

Password: onita99

Info

The password for cyborg11 is the description of the Applocker Executable deny policy for ill_be_back.exe PLUS the name of the file on the desktop.

NOTE:
– If the description is “green$” and the file on the desktop is called “28”, then the password is “green$28”.
– The password will be lowercase no matter how it appears on the screen.

HINT:
Powershell is a great applockerpolicy tool just go GET it.

Theory

Getting the password takes one cmdlet, Get-AppLockerPolicy, which matches what the level description asks for: it gets the local, the effective, or a domain AppLocker policy. We add the -Effective option because the effective policy covers both the local policy and any AppLocker domain policies applied to the local computer. Then we select the RuleCollections property of the result and expand it with Select-Object -ExpandProperty; without expanding, the output is a messy array that doesn't even fit on the screen. The second part of the password, the name of the file on the desktop, comes from dir:

dir
Get-AppLockerPolicy -Effective | Select-Object -ExpandProperty RuleCollections

Solution

Now that we are in the shell, let's run the command and see if it actually does what we theorized it'd do:

PS C:\users\cyborg10\desktop> Get-AppLockerPolicy -Effective | Select-Object -ExpandProperty RuleCollections


PathConditions      : {C:\Users\cyborg10\Documents\ill_be_back.exe}
PathExceptions      : {}
PublisherExceptions : {}
HashExceptions      : {}
Id                  : cf7f9744-e5de-4189-8499-236666a32796
Name                : C:\Users\cyborg10\Documents\ill_be_back.exe
Description         : terminated!
UserOrGroupSid      : S-1-1-0
Action              : Deny

Perfect! We have the description of the deny rule for the exe file. Now we just need the name of the file on the desktop and we should be done:

PS C:\users\cyborg10\desktop> dir


    Directory: C:\users\cyborg10\desktop


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/30/2018  10:45 AM              0 99

Now just join the two and we get this:

terminated!99

And that's the password! Now we should be good to go to the next level.
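On a host with more than one rule, the expanded RuleCollections output gets long, so it helps to filter for the deny rule by path. The following is an added example, not part of the original guide: Get-AppLockerDenyRule is a hypothetical helper, it only handles path rules (not publisher or hash rules), and the sample XML is constructed in the AppLocker policy XML layout, reusing the deny rule values shown in the output above.

```powershell
# Constructed sample policy. The deny rule reuses the values printed in this
# guide; the allow rule and its Id are made up for contrast.
$sampleXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Allow Windows folder" Description="constructed allow rule" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="cf7f9744-e5de-4189-8499-236666a32796" Name="C:\Users\cyborg10\Documents\ill_be_back.exe" Description="terminated!" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="C:\Users\cyborg10\Documents\ill_be_back.exe" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

function Get-AppLockerDenyRule {
    # Hypothetical helper: return Deny path rules whose path matches a wildcard.
    param(
        [Parameter(Mandatory)] [string] $PolicyXml,
        [string] $PathLike = '*'
    )
    $policy = [xml]$PolicyXml
    foreach ($collection in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        foreach ($rule in $collection.SelectNodes('FilePathRule[@Action="Deny"]')) {
            # A rule can carry several path conditions; collect them all.
            $paths = @($rule.SelectNodes('Conditions/FilePathCondition') |
                ForEach-Object { $_.GetAttribute('Path') })
            $hits = @($paths -like $PathLike)
            if ($hits.Count -gt 0) {
                [pscustomobject]@{
                    Collection  = $collection.GetAttribute('Type')
                    Enforcement = $collection.GetAttribute('EnforcementMode')
                    Description = $rule.GetAttribute('Description')
                    Sid         = $rule.GetAttribute('UserOrGroupSid')
                    Paths       = $paths -join '; '
                }
            }
        }
    }
}

# Offline run against the constructed sample:
Get-AppLockerDenyRule -PolicyXml $sampleXml -PathLike '*ill_be_back.exe'

# Against the live effective policy (the -Xml switch returns the policy as an XML string):
# Get-AppLockerDenyRule -PolicyXml (Get-AppLockerPolicy -Effective -Xml) -PathLike '*ill_be_back.exe'
```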

https://underthewire.tech/cyborg-10