Alien Crade

Alien Cradle is a “really easy” ranked challenge within the Hack the Box platform

In an attempt for the aliens to find more information about the relic, they launched an attack targeting Pandora’s close friends and partners that may know any secret information about it. During a recent incident believed to be operated by them, Pandora located a weird PowerShell script from the event logs, otherwise called PowerShell cradle. These scripts are usually used to download and execute the next stage of the attack. However, it seems obfuscated, and Pandora cannot understand it. Can you help her deobfuscate it?

First thing we need to do on this challenge is to download the associated files

This downloaded a .ps1 script (powershell script)

CATing it out in the terminal, we get the following

If we check into the script a bit closer, we can de-obfuscate it by simply adding the following together.

This gives us our flag!