Introduction
In this walkthrough, we covered navigating directories and searching through files with Powershell. This was part of Day 20 of Advent of Cyber 2.
Someone is mischievous at The Best Festival Company. The contents within the stockings have been removed. A clue was left in one of the stockings that hints that the contents have been hidden within Elfstation1. McEager moves quickly and attempts to RDP into the machine. Yikes! He is unable to log in.
Finding Elf One’s Wish
My first task was to find a hidden file in the “documents” folder. I started by navigating to the “documents” folder. To find any hidden files, I used a PowerShell command that specifically looks for hidden items. Once I found the hidden file, e1phone.txt, I used another command to read its contents. It turns out Elf One wants “two front teeth” for Christmas!
Uncovering Elf Two’s Desire
Next, I needed to find a hidden folder on the desktop that contained a file for “Elf Two.” I moved to the “desktop” directory and used a command to list only the hidden directories. I found a folder named elf2 and went inside. The file for Elf Two wasn’t hidden, so a simple command to list the contents of the directory revealed it. Reading the file, I discovered that Elf Two wants the movie “scratched.”
Decoding Elf Three’s Christmas Wish
This was the most involved task. I had to search the entire “Windows” directory for a hidden folder related to “Elf Three.” To make the search faster, I filtered for folders containing the number ‘3’ and told PowerShell to search through all the subdirectories. I found a hidden folder named 3lf3 and navigated into it.
Inside, there were two hidden files. For the first file, I needed to count the number of words, which I did by piping the file’s content to a measurement command. It came out to 99 words. Then, I had to find the words at specific positions in the file, which revealed “red” and “rider.”
Finally, to figure out what Elf Three wanted, I searched the second file for the phrase “red rider.” The search revealed that Elf Three wants a “bb gun.”
Technical Commands
Here are the PowerShell commands I used to solve the challenges:
- To change the current directory:
Set-Location <path>(e.g.,Set-Location C:\Users\mc_eager\Documents)cd <path>(a shorter alias for the same command)
- To list files and directories:
Get-ChildItem -File -Hidden -ErrorAction SilentlyContinue(to find hidden files and ignore any errors)Get-ChildItem -Directory -Hidden(to find hidden directories)Get-ChildItem -Directory -Hidden -Filter "*<pattern>*" -Recurse -ErrorAction SilentlyContinue(to recursively search for hidden directories matching a pattern)
- To read the content of a file:
Get-Content <file_name>(e.g.,Get-Content e1phone.txt)
- To analyze file content:
Get-Content <file_name> | Measure-Object -Word(to count the words in a file)Select-String -Path <file_name> -Pattern "<phrase>" -AllMatches(to search for a specific phrase in a file)
Advent of Cyber TryHackMe Room Answers
Search for the first hidden elf file within the Documents folder. Read the contents of this file. What does Elf 1 want?
Search on the desktop for a hidden folder that contains the file for Elf 2. Read the contents of this file. What is the name of that movie that Elf 2 wants?
Search the Windows directory for a hidden folder that contains files for Elf 3. What is the name of the hidden folder? (This command will take a while)
How many words does the first file contain?
What 2 words are at index 551 and 6991 in the first file?
This is only half the answer. Search in the 2nd file for the phrase from the previous question to get the full answer. What does Elf 3 want? (use spaces when submitting the answer)
Video WalkThrough
