Skip to main content

The CMD Conundrum

Overview

Room URL: https://tryhackme.com/room/adventofcyberpreptrack
Difficulty: Easy
Category: Prep
Date Completed: 12/1/2025

Objectives

Find the hidden flag file using Windows commands.

Table of Contents

Introduction
Walk Through
Lessons Learned
Resources

Introduction

McSkidy's workstation shows signs of tampering—suspicious files have been moved, logs wiped, and a mysterious folder named mystery_data discovered. Using the Windows Command Prompt, you must investigate the system and uncover hidden evidence that the graphical interface cannot reveal.

Useful Commands

dir equivalent to the ls command on linux
dir /a equivalent to the ls -a command on linux
type equivalent to the cat command on linux

Walk Through

  1. Click view site to open the emulated windows terminal
  2. use dir to view files and directories
    1. dir showed 1 file and 1 directory
      1. readme.txt
      2. mystery_data
        1. This is directory
    2. type readme.txt
      1. "System shows signs of tampering. Investigate the mystery_data folder"
    3. cd mystery_data to change directories
    4. dir shows `notes.txt
      1. type notes.txt
      2. "Some logs were wiped. Hidden artifacts may still remain..."
    5. dir /a to show all files including hidden ones
    6. found hidden_flag.txt
      1. type hidden_flag.txt to reveal contents
        cmdconundrum.png

Lessons Learned

  • Learned Windows Command Prompt equivalents: dir (list files), dir /a (show hidden files), and type (view file contents)
  • Successfully investigated McSkidy's compromised workstation by navigating directories and uncovering hidden artifacts that revealed tampering evidence

Resources

TryHackMe
List of Windows Commands

Back to top