Tags: password-cracking
Rating:
Download the challenge archive, extract it, open `Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Preferences/Groups/Groups.xml`:
```xml
<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"><User clsid="{DF5F1855-51E5-4d24-8B1A-D9BDE98BA1D1}" name="n00b_us3r" image="0" changed="2020-11-15 00:57:07" uid="{A8043038-7235-4F5E-BE8C-3076F5D31FE8}"><Properties action="C" fullName="" description="" cpassword="HlQWFdlPXQTU7n8W9VbsVTP245DcAJAUQeAZZfkJE/Q8ZlWgwj7CqKl6YiPvKbQFO7PWS7rSwbVtSSZUhJSj5YzjbkKtyXR5fP9VQDEieMU" changeLogon="0" noChange="0" neverExpires="0" acctDisabled="0" userName="n00b_us3r"/></User>
</Groups>
```
By giving this cpassword to gp3finder, we get the flag:
```bash
$ python cli.py -D HlQWFdlPXQTU7n8W9VbsVTP245DcAJAUQeAZZfkJE/Q8ZlWgwj7CqKl6YiPvKbQFO7PWS7rSwbVtSSZUhJSj5YzjbkKtyXR5fP9VQDEieMU
Group Policy Preference Password Finder (GP3Finder) 5.0.0
Copyright (C) 2020 Oliver Morton
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See GPLv2 License.
INFO: gp3finder: Decrypted password is 38 characters.
INFO: gp3finder: --------------------------------------
INFO: gp3finder: vulncon{s3cur1ty_h4s_3volv3d_s0__much}
INFO: gp3finder: --------------------------------------
```