Decryption
Now that I have a valid PowerShell session as the administrator user, I will be able to decrypt the PSCredential object in the home directory of the administrator user.
root.txt
PS C:\Data\Users\Administrator> $cred = Import-CliXml -Path .\root.txt; $cred.GetNetworkCredential() | format-list *
UserName : flag
Password : 5dbdce5569e2c4708617c0ce6e9bf11d
Domain :
- I can use PowerShell's Import-Clixml cmdlet to parse objects from an XML file and
- then use the GetNetworkCredential() method to decrypt the SecureString password hash with the current authenticated session credential
- Line them up
The content of the root.txt file is XML despite the TXT extension.
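
The round trip described above, as an added example that is not part of the original write-up: it exports a PSCredential with Export-Clixml, inspects the resulting XML without decrypting it, and then recovers the password in the same user context. The user name, password and temp file name are constructed for the demo, and the example assumes Windows, where Export-Clixml protects the SecureString with DPAPI.

```powershell
# Added example. All values below are constructed for the demo.
if ([System.Environment]::OSVersion.Platform -ne 'Win32NT') {
    throw 'DPAPI protection of SecureString in CLIXML applies on Windows only.'
}

$plain  = 'Constructed-Passw0rd!'                      # constructed sample secret
$secure = ConvertTo-SecureString $plain -AsPlainText -Force
$cred   = [System.Management.Automation.PSCredential]::new('demo-user', $secure)

# Hypothetical file name; the .txt extension does not change the content, which is CLIXML.
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'demo-cred.txt'
$cred | Export-Clixml -Path $path

try {
    # Inspect the serialized form without decrypting anything.
    [xml]$doc = Get-Content -Path $path -Raw
    $ns = [System.Xml.XmlNamespaceManager]::new($doc.NameTable)
    $ns.AddNamespace('ps', 'http://schemas.microsoft.com/powershell/2004/04')
    $typeName = $doc.SelectSingleNode('//ps:TN/ps:T', $ns).InnerText
    $blob     = $doc.SelectSingleNode('//ps:SS[@N="Password"]', $ns).InnerText

    # Same user on the same machine: DPAPI releases the key, so the password comes back.
    $roundTrip = Import-Clixml -Path $path

    [pscustomobject]@{
        SerializedType = $typeName                         # PSCredential type name from <TN>
        LooksLikeDpapi = $blob -like '01000000d08c9ddf*'   # DPAPI blob header, hex-encoded
        BlobHexChars   = $blob.Length
        Recovered      = $roundTrip.GetNetworkCredential().Password -eq $plain
    } | Format-List
}
finally {
    Remove-Item -Path $path -ErrorAction SilentlyContinue
}
```

The protection is bound to the exporting account on that machine, so the file is only as safe as that account: Import-Clixml run by a different user fails to decrypt the password, while any session running as the exporting user recovers it.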