UnderTheWire Century Guide

here's how to solve the Century level 1 → 2

Back to the Century Guides

Previous Level Guide: Century Level 0 → 1

Access

SSH: ssh century1@century.underthewire.tech -p 22

Password: century1

Info

The password for Century2 is the build version of the instance of PowerShell installed on this system.

NOTE:
– The format is as follows: **.*.*****.****
– Include all periods
– Be sure to look for build version and NOT PowerShell version

IMPORTANT:
Once you feel you have completed the Century1 challenge, start a new connection to the server, and log in with the username of Century2 and this password will be the answer from Century1. If successful, close out the Century1 connection and begin to solve the Century2 challenge. This concept is repeated over and over until you reach the end of the game.

Theory

To get the password we'll use the session we entered in the previous level, and from there we could use the Get-Host command, which gives you information about the host, sometimes it gives information about the shell instead of the server, so the second command here is just in case it doesn't work so we just go straight to the information about the operating system:

Get-Host
Get-CimInstance -ClassName Win32_OperatingSystem

Solution

Firstly we'll use the Get-Host command now that we are inside the shell:

PS C:\users\century1\desktop> Get-Host

Name             : ConsoleHost
Version          : 5.1.14393.7604
InstanceId       : e0b02762-d21f-41d2-ba5e-ef6adb0ba887
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace

So yeah, this is actually the info of the console, aka the powershell, aka what we don't want. So let's try the other command:

PS C:\users\century1\desktop> Get-CimInstance -ClassName Win32_OperatingSystem

SystemDirectory     Organization BuildNumber RegisteredUser SerialNumber            Version
---------------     ------------ ----------- -------------- ------------            -------
C:\Windows\system32 OVH SAS      14393       UTW_Team       00377-60000-00000-AA934 10.0.14393

Now we have a new problem. It says in the task that the format is xx.x.xxxxx.xxxx, so that means we are missing four numbers in the end. But don't worry, because in the other command—the powershell version—we can see that the part with five numbers is exactly the same, so if we join this version with the last numbers of the other we get this as our password:

10.0.14393.7604

And that's the password! Now we should be good to go to the next level.

https://underthewire.tech/century-1
Next Level Guide: Century Level 2 → Level 3

Explore My Website