# PowershELlF to the rescue

## Video

{% embed url="<https://youtu.be/LrdT2hUM6mw>" %}

## Resources

To list the contents of the current directory we are in, we can use the `Get-ChildItem` cmdlet.  There are various other options we can use with this cmdlet to enhance its capabilities further.

* `-Path` Specifies a path to one or more locations. Wildcards are accepted.
* `-File / -Directory` To get a list of files, use the File parameter. To get a list of directories, use the Directory parameter. You can use the Recurse parameter with File and/or Directory parameters.
* `-Filter` Specifies a filter to qualify the Path parameter.
* `-Recurse` Gets the items in the specified locations and in all child items of the locations.
* `-Hidden` To get only hidden items, use the Hidden parameter.
* `-ErrorAction SilentlyContinue` Specifies what action to take if the command encounters an error.

For example, if you want to view all of the hidden files in the current directory you are in, you can issue the following command: `Get-ChildItem -File -Hidden -ErrorAction SilentlyContinue`

Another useful cmdlet is `Get-Content`. This will allow you to read the contents of a file.

You can run this command as follows: `Get-Content -Path file.txt`

You can run numerous operations with the `Get-Content` cmdlet to give you more information about the particular file you are inspecting. Such as how many words are in the file and the exact positions for a particular string within a file.

To get the number of words contained within a file, you can use the `Get-Content` cmdlet and pipe the results to the `Measure-Object` cmdlet.

You run this command as follows: `Get-Content -Path file.txt | Measure-Object -Word`

To get the exact position of a string within the file, you can use the following command:  `(Get-Content -Path file.txt)[index]`

The index is the numerical value that is the location of the string within the file. Since indexes start at zero, you typically need to subtract one from the original value to extract the string at the correct position. This is not necessary for this exercise.

To change directories, you can use the `Set-Location` cmdlet.

For example, `Set-Location -Path c:\users\administrator\desktop` will change your location to the Administrator's desktop.

The last cmdlet that is needed to solve this room is `Select-String`. This cmdlet will search a particular file for a pattern you define within the command to run.

An example execution of this command is: `Select-String -Path 'c:\users\administrator\desktop' -Pattern '*.pdf'`

Note: You can always use the `Get-Help` cmdlet to obtain more information about a specific cmdlet. For example, `Get-Help Select-String`

## Challenge

`ssh -l mceager 10.10.114.147`

`r0ckStar!`

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP-r3jFoJsPqZxj93eu%2F-MP0-b12Nh0AuAzkpZTK%2Fimage.png?alt=media\&token=37dd2fd8-6ca8-4184-b7c8-2b4792fd2476)

```bash
powershell
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP-r3jFoJsPqZxj93eu%2F-MP0-j3bIdlJnY4c8uUU%2Fimage.png?alt=media\&token=e6d3ddcc-70f6-43d7-8f6c-b90b7de62e60)

### Search for the first hidden elf file within the Documents folder. Read the contents of this file. What does Elf 1 want?

```bash
Set-Location .\Documents\           or        cd .\Documents\
cd .\Documents\                     or        ls -Hidden
Get-Content -Path .\e1fone.txt      or        cat .\e1fone.txt
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP-r3jFoJsPqZxj93eu%2F-MP00TrCs9xkDIjL8Q4F%2Fimage.png?alt=media\&token=e2cd4be9-4a03-40b4-9945-1e3f016aca3a)

{% hint style="success" %}
2 front teeth
{% endhint %}

### Search on the desktop for a hidden folder that contains the file for Elf 2. Read the contents of this file. What is the name of that movie that Elf 2 wants?

```bash
cd ..
cd .\Desktop\
ls -Directory -Hidden
cd .\elf2wo
Get-Content -Path .\e70smsW10Y4k.txt        or         cat .\e70smsW10Y4k.txt
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP038NQar1YVF40Q4MN%2F-MP03omsvq-TgzkyNP0_%2Fimage.png?alt=media\&token=ffea0e50-6d2b-49b7-bb47-fcc5cdb94996)

{% hint style="success" %}
Scrooged
{% endhint %}

### Search the Windows directory for a hidden folder that contains files for Elf 3. What is the name of the hidden folder? (This command will take a while)

```bash
gci C:\Windows\ -Recurse -Directory -Hidden -Filter "*3*" -ErrorAction SilentlyContinue
cd c:\Windows\System32\3lfthr3e
ls -Directory -Hidden

```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP038NQar1YVF40Q4MN%2F-MP04WGCCSt12Mhu4_al%2Fimage.png?alt=media\&token=206c1551-add1-4f8a-af16-0530d506bd7e)

{% hint style="success" %}
3lfthr3e
{% endhint %}

### How many words does the first file contain?

```bash
cd c:\Windows\System32\3lfthr3e
ls -Hidden
Get-Content -Path 1.txt | Measure-Object -Word        or        (gc .\1.txt).length
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP038NQar1YVF40Q4MN%2F-MP04pjjKOdJIZ1XDsST%2Fimage.png?alt=media\&token=19b49aef-eb47-4715-b3a9-49799f3a0584)

{% hint style="success" %}
9999
{% endhint %}

### What 2 words are at index 551 and 6991 in the first file?

```bash
(Get-Content -Path 1.txt)[551]         or        (gc .\1.txt)[551]
(Get-Content -Path 1.txt)[6991]        or        (gc .\1.txt)[6991]
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP038NQar1YVF40Q4MN%2F-MP055F0T4xq7eH2lRT8%2Fimage.png?alt=media\&token=50c1faf4-a62f-408a-926b-a6e6c9dbd395)

{% hint style="success" %}
Red Ryder
{% endhint %}

### This is only half the answer. Search in the 2nd file for the phrase from the previous question to get the full answer. What does Elf 3 want? (use spaces when submitting the answer)

```bash
Select-String -Path .\2.txt -Pattern 'RedRyder'
```

![](https://244894268-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MO2llY9Epz_XDFDa7VZ%2F-MP-r3jFoJsPqZxj93eu%2F-MP-zOuVOS4ZQM0EmDo6%2Fimage.png?alt=media\&token=8c3365f9-3d8f-4662-8248-487e7de39d8a)

{% hint style="success" %}
Red Ryder bb gun
{% endhint %}