PowershELlF to the rescue
Powershell
Video
Resources
To list the contents of the current directory we are in, we can use the Get-ChildItem cmdlet. There are various other options we can use with this cmdlet to enhance its capabilities further.
-PathSpecifies a path to one or more locations. Wildcards are accepted.-File / -DirectoryTo get a list of files, use the File parameter. To get a list of directories, use the Directory parameter. You can use the Recurse parameter with File and/or Directory parameters.-FilterSpecifies a filter to qualify the Path parameter.-RecurseGets the items in the specified locations and in all child items of the locations.-HiddenTo get only hidden items, use the Hidden parameter.-ErrorAction SilentlyContinueSpecifies what action to take if the command encounters an error.
For example, if you want to view all of the hidden files in the current directory you are in, you can issue the following command: Get-ChildItem -File -Hidden -ErrorAction SilentlyContinue
Another useful cmdlet is Get-Content. This will allow you to read the contents of a file.
You can run this command as follows: Get-Content -Path file.txt
You can run numerous operations with the Get-Content cmdlet to give you more information about the particular file you are inspecting. Such as how many words are in the file and the exact positions for a particular string within a file.
To get the number of words contained within a file, you can use the Get-Content cmdlet and pipe the results to the Measure-Object cmdlet.
You run this command as follows: Get-Content -Path file.txt | Measure-Object -Word
To get the exact position of a string within the file, you can use the following command: (Get-Content -Path file.txt)[index]
The index is the numerical value that is the location of the string within the file. Since indexes start at zero, you typically need to subtract one from the original value to extract the string at the correct position. This is not necessary for this exercise.
To change directories, you can use the Set-Location cmdlet.
For example, Set-Location -Path c:\users\administrator\desktop will change your location to the Administrator's desktop.
The last cmdlet that is needed to solve this room is Select-String. This cmdlet will search a particular file for a pattern you define within the command to run.
An example execution of this command is: Select-String -Path 'c:\users\administrator\desktop' -Pattern '*.pdf'
Note: You can always use the Get-Help cmdlet to obtain more information about a specific cmdlet. For example, Get-Help Select-String
Challenge
ssh -l mceager 10.10.114.147
r0ckStar!
powershell
Search for the first hidden elf file within the Documents folder. Read the contents of this file. What does Elf 1 want?
Set-Location .\Documents\ or cd .\Documents\
cd .\Documents\ or ls -Hidden
Get-Content -Path .\e1fone.txt or cat .\e1fone.txt
2 front teeth
Search on the desktop for a hidden folder that contains the file for Elf 2. Read the contents of this file. What is the name of that movie that Elf 2 wants?
cd ..
cd .\Desktop\
ls -Directory -Hidden
cd .\elf2wo
Get-Content -Path .\e70smsW10Y4k.txt or cat .\e70smsW10Y4k.txt
Scrooged
Search the Windows directory for a hidden folder that contains files for Elf 3. What is the name of the hidden folder? (This command will take a while)
gci C:\Windows\ -Recurse -Directory -Hidden -Filter "*3*" -ErrorAction SilentlyContinue
cd c:\Windows\System32\3lfthr3e
ls -Directory -Hidden
3lfthr3e
How many words does the first file contain?
cd c:\Windows\System32\3lfthr3e
ls -Hidden
Get-Content -Path 1.txt | Measure-Object -Word or (gc .\1.txt).length
9999
What 2 words are at index 551 and 6991 in the first file?
(Get-Content -Path 1.txt)[551] or (gc .\1.txt)[551]
(Get-Content -Path 1.txt)[6991] or (gc .\1.txt)[6991]
Red Ryder
This is only half the answer. Search in the 2nd file for the phrase from the previous question to get the full answer. What does Elf 3 want? (use spaces when submitting the answer)
Select-String -Path .\2.txt -Pattern 'RedRyder'
Red Ryder bb gun
Last updated
Was this helpful?