UnderTheWire Century Guide

here's how to solve the Century level 12 → 13

Back to the Century Guides

Previous Level Guide: Century Level 11 → 12

Access

SSH: ssh century12@century.underthewire.tech -p 22

Password: secret_sauce

Info

The password for Century13 is the description of the computer designated as a Domain Controller within this domain PLUS the name of the file on the desktop.

NOTE:
– The password will be lowercase no matter how it appears on the screen.
– If the description “today_is” and the file on the desktop is named “_cool”, the password would be “today_is_cool”.

Theory

To get the password, it's just a combination of the name of the file in desktop, and the description of the computer classified in the domain controller. So let's try to go backwards, to get the first part of the password, we need the description of the computer, how is this object named? We can know that by looking at the domain controller. And then just dir for the second part of the password. So the domain controller command was easy, it was in the name. When we have the computer name, we'll put it in this command that looks for all the properties under the computer name class, which is a command I found on Microsoft Learn, here (first example). And we have these commands:

dir
Get-ADDomainController
Get-ADComputer -Identity "Computer-Name" -Properties *

Solution

Now that we are in machine, let's see the second part of the password:

PS C:\users\century12\desktop> dir


    Directory: C:\users\century12\desktop


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/30/2018   3:34 AM             30 _things

That's the second part, now we'll see the domain controller stuff:

PS C:\users\century12\desktop> Get-ADDomainController

ComputerObjectDN           : CN=UTW,OU=Domain Controllers,DC=underthewire,DC=tech
DefaultPartition           : DC=underthewire,DC=tech
Domain                     : underthewire.tech
Enabled                    : True
Forest                     : underthewire.tech
HostName                   : utw.underthewire.tech
InvocationId               : 09ee1897-2210-4ac9-989d-e19b4241e9c6
IPv4Address                : 192.99.167.156
IPv6Address                :
IsGlobalCatalog            : True
IsReadOnly                 : False
LdapPort                   : 389
Name                       : UTW
...

There it is, the name of the object is "UTW", now we can pluck it in the other command, and get the description, which has the first part of the password:

PS C:\users\century12\desktop> Get-ADComputer -Identity "UTW" -Properties *
...
CN                                   : UTW
codePage                             : 0
CompoundIdentitySupported            : {False}
countryCode                          : 0
Created                              : 8/30/2018 2:53:47 AM
createTimeStamp                      : 8/30/2018 2:53:47 AM
Deleted                              :
Description                          : i_authenticate
DisplayName                          :
...

There we go! Now we'll just join the two parts and get this:

i_authenticate_things

And that's the password! Now we should be good to go to the next level.

https://underthewire.tech/century-12
Next Level Guide: Century Level 13 → Level 14

Explore My Website