Try Hack Me
  • Try Hack Me
  • Rooms
  • Tutorial
    • Welcome to TryHackMe
    • Welcome
    • Tutorial
    • Starting Out In Cyber Sec
    • Welcome
  • Capture The Flag
    • Advent of Cyber
      • Task 1 - 10
      • Task 11 - 20
      • Task 21 - 29
      • PDF - materials
    • Anonymous
    • Mnemonic
    • Bounty Hacker
    • Ignite
    • Pickle Rick
    • Simple CTF
    • Agent Sudo
    • Mr. Robot
  • Advent of Cyber II
    • A Christmas Crisis
    • The Elf Strikes Back!
    • Christmas Chaos
    • Santa's watching
    • Someone stole Santa's gift list!
    • Be careful with what you wish on a Christmas night
    • The Grinch Really Did Steal Christmas
    • What's Under the Christmas Tree?
    • Anyone can be Santa!
    • Don't be sElfish!
    • The Rogue Gnome
    • Ready, set, elf.
    • Coal for Christmas
    • Where's Rudolph?
    • There's a Python in my stocking!
    • Help! Where is Santa?
    • ReverseELFneering
    • The Bits of Christmas
    • The Naughty or Nice List
    • PowershELlF to the rescue
    • Time for some ELForensics
    • Elf McEager becomes CyberElf
    • The Grinch strikes again!
    • The Trial Before Christmas
    • Thank You
  • Linux
    • Linux Fundamentals Part 1
    • Linux Fundamentals Part 2
    • Linux Fundamentals Part 3
    • LinuxCTF - Linux Challenges
    • Learn Linux - wip
    • Find - wip
  • Windows
    • Intro to Windows
  • OSINT
    • Introductory Researching - wip
    • Google Dorking
    • OhSINT
    • Sublist3r
    • Searchlight - IMINT
    • Geolocating Images
  • Crypto
    • Hashing - Crypto 101
    • Encryption - Crypto 101
    • CrackTheHash - wip
  • Network
    • Introductory Networking
    • Nmap
    • Network Services - wip
    • Network Services 2 - wip
    • Networking - wip
    • Nmap - wip
    • TOR
  • Web
    • Web Fundamentals
  • Pentest
    • Pentest questionaire
  • Hardware
    • Dumping Router Firmware
  • HELP
  • Reverse
    • Reversing ELF
Powered by GitBook
On this page
  • Video
  • Resources
  • Challenge
  • Search for the first hidden elf file within the Documents folder. Read the contents of this file. What does Elf 1 want?
  • Search on the desktop for a hidden folder that contains the file for Elf 2. Read the contents of this file. What is the name of that movie that Elf 2 wants?
  • Search the Windows directory for a hidden folder that contains files for Elf 3. What is the name of the hidden folder? (This command will take a while)
  • How many words does the first file contain?
  • What 2 words are at index 551 and 6991 in the first file?
  • This is only half the answer. Search in the 2nd file for the phrase from the previous question to get the full answer. What does Elf 3 want? (use spaces when submitting the answer)

Was this helpful?

  1. Advent of Cyber II

PowershELlF to the rescue

Powershell

PreviousThe Naughty or Nice ListNextTime for some ELForensics

Last updated 4 years ago

Was this helpful?

Video

Resources

To list the contents of the current directory we are in, we can use the Get-ChildItem cmdlet. There are various other options we can use with this cmdlet to enhance its capabilities further.

  • -Path Specifies a path to one or more locations. Wildcards are accepted.

  • -File / -Directory To get a list of files, use the File parameter. To get a list of directories, use the Directory parameter. You can use the Recurse parameter with File and/or Directory parameters.

  • -Filter Specifies a filter to qualify the Path parameter.

  • -Recurse Gets the items in the specified locations and in all child items of the locations.

  • -Hidden To get only hidden items, use the Hidden parameter.

  • -ErrorAction SilentlyContinue Specifies what action to take if the command encounters an error.

For example, if you want to view all of the hidden files in the current directory you are in, you can issue the following command: Get-ChildItem -File -Hidden -ErrorAction SilentlyContinue

Another useful cmdlet is Get-Content. This will allow you to read the contents of a file.

You can run this command as follows: Get-Content -Path file.txt

You can run numerous operations with the Get-Content cmdlet to give you more information about the particular file you are inspecting. Such as how many words are in the file and the exact positions for a particular string within a file.

To get the number of words contained within a file, you can use the Get-Content cmdlet and pipe the results to the Measure-Object cmdlet.

You run this command as follows: Get-Content -Path file.txt | Measure-Object -Word

To get the exact position of a string within the file, you can use the following command: (Get-Content -Path file.txt)[index]

The index is the numerical value that is the location of the string within the file. Since indexes start at zero, you typically need to subtract one from the original value to extract the string at the correct position. This is not necessary for this exercise.

To change directories, you can use the Set-Location cmdlet.

For example, Set-Location -Path c:\users\administrator\desktop will change your location to the Administrator's desktop.

The last cmdlet that is needed to solve this room is Select-String. This cmdlet will search a particular file for a pattern you define within the command to run.

An example execution of this command is: Select-String -Path 'c:\users\administrator\desktop' -Pattern '*.pdf'

Note: You can always use the Get-Help cmdlet to obtain more information about a specific cmdlet. For example, Get-Help Select-String

Challenge

ssh -l mceager 10.10.114.147

r0ckStar!

powershell

Search for the first hidden elf file within the Documents folder. Read the contents of this file. What does Elf 1 want?

Set-Location .\Documents\           or        cd .\Documents\
cd .\Documents\                     or        ls -Hidden
Get-Content -Path .\e1fone.txt      or        cat .\e1fone.txt

2 front teeth

Search on the desktop for a hidden folder that contains the file for Elf 2. Read the contents of this file. What is the name of that movie that Elf 2 wants?

cd ..
cd .\Desktop\
ls -Directory -Hidden
cd .\elf2wo
Get-Content -Path .\e70smsW10Y4k.txt        or         cat .\e70smsW10Y4k.txt

Scrooged

Search the Windows directory for a hidden folder that contains files for Elf 3. What is the name of the hidden folder? (This command will take a while)

gci C:\Windows\ -Recurse -Directory -Hidden -Filter "*3*" -ErrorAction SilentlyContinue
cd c:\Windows\System32\3lfthr3e
ls -Directory -Hidden

3lfthr3e

How many words does the first file contain?

cd c:\Windows\System32\3lfthr3e
ls -Hidden
Get-Content -Path 1.txt | Measure-Object -Word        or        (gc .\1.txt).length

9999

What 2 words are at index 551 and 6991 in the first file?

(Get-Content -Path 1.txt)[551]         or        (gc .\1.txt)[551]
(Get-Content -Path 1.txt)[6991]        or        (gc .\1.txt)[6991]

Red Ryder

This is only half the answer. Search in the 2nd file for the phrase from the previous question to get the full answer. What does Elf 3 want? (use spaces when submitting the answer)

Select-String -Path .\2.txt -Pattern 'RedRyder'

Red Ryder bb gun