UnderTheWire Cyborg Guide

here's how to solve the Cyborg level 14 → 15

Back to the Cyborg Guides

Previous Level Guide: Cyborg Level 13 → 14

Access

SSH: ssh cyborg14@cyborg.underthewire.tech -p 22

Password: 22_days

Info

The password for cyborg15 is the caption for the DCOM application setting for application ID {59B8AFA0-229E-46D9-B980-DDA2C817EC7E} PLUS the name of the file on the desktop.

NOTE:
– If the caption is “dcom” and the file on the desktop is called “_address”, then the password is “dcom_address”.
– The password will be lowercase no matter how it appears on screen.

▼ HINT:
win32_DCOMApplicationSetting

Theory

To get the password, we need to get the caption of a DCOM app setting with that app id. So we can just look for DCOM apps with the class name dcom application, pretty simple. Although then we have to filter for the app id, which if you see right here, I'm using percentage signs, which means wildcard. This just tells powershell to find any app id that contains this id anywhere inside it, and you might say that what if we just don't include these signs, or maybe just use the asterisk like always. Well, no. If you don't put anything in the place of those percentage signs, then it will search for a setting with that name specifically, and the asterisks are looking for the specific characters of the app id, so I think wildcard is the best option we have here. And that leaves us with this command and dir to get the filename:

dir
Get-CimInstance -ClassName Win32_DCOMApplication -Filter 'AppID like "%59B8AFA0-229E-46D9-B980-DDA2C817EC7E%"'

Solution

Now that we are in the shell, first let's just get the name of the file in the desktop:

PS C:\users\cyborg14\desktop> dir


    Directory: C:\users\cyborg14\desktop


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/30/2018  10:45 AM              0 _objects

Now let's do the other command to get the caption with that app id:

PS C:\users\cyborg14\desktop> Get-CimInstance -ClassName Win32_DCOMApplication -Filter 'AppID like "%59B8AFA0-229E-46D9-
B980-DDA2C817EC7E%"'

AppID                                  Name     InstallDate
-----                                  ----     -----------
{59B8AFA0-229E-46d9-B980-DDA2C817EC7E} propshts

There isn't a caption here, let's list everything that comes with this setting of the app id:

PS C:\users\cyborg14\desktop> Get-CimInstance -ClassName Win32_DCOMApplication -Filter 'AppID like "%59B8AFA0-229E-46D9-
B980-DDA2C817EC7E%"' | Select-Object *


Name                  : propshts
Status                :
Caption               : propshts
Description           : propshts
InstallDate           :
AppID                 : {59B8AFA0-229E-46d9-B980-DDA2C817EC7E}
PSComputerName        :
CimClass              : root/cimv2:Win32_DCOMApplication
CimInstanceProperties : {Caption, Description, InstallDate, Name...}
CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties

Oh, that's the caption, it's the same, nah that's fine. Now just join the caption with the name of the file in the desktop, and we get this:

propshts_objects

And that's the password! Now we should be good to go to the next level.

https://underthewire.tech/cyborg-14
Next Level Guide: Cyborg Level 15

Explore My Website