# The CMD Conundrum

### Overview
---
**Room URL:** https://tryhackme.com/room/adventofcyberpreptrack  
**Difficulty:** Easy  
**Category:** Prep  
**Date Completed:** 12/1/2025 

### Objectives
Find the hidden flag file using Windows commands.

---
### Table of Contents
[Introduction](#bkmrk-introduction)  
[Walk Through](#bkmrk-walk-through)  
[Lessons Learned](#bkmrk-lessons-learned)  
[Resources](#bkmrk-resources)  

---
### Introduction
McSkidy's workstation shows signs of tampering—suspicious files have been moved, logs wiped, and a mysterious folder named `mystery_data` discovered. Using the Windows Command Prompt, you must investigate the system and uncover hidden evidence that the graphical interface cannot reveal.

#### Useful Commands
`dir` is equivalent to the `ls` command on Linux  
`dir /a` is equivalent to the `ls -a` command on Linux  
`type` is equivalent to the `cat` command on Linux  

---
### Walk Through
1. Click **View Site** to open the emulated Windows terminal
2. Use `dir` to view files and directories
    1. `dir` showed 1 file and 1 directory
          1. `readme.txt`
          2. `mystery_data`
              1. This is a directory
    2. `type readme.txt`
        1. "System shows signs of tampering. Investigate the mystery_data folder"
    3. `cd mystery_data` to change directories
    4. `dir` shows `notes.txt`
        1. `type notes.txt`
        2. "Some logs were wiped. Hidden artifacts may still remain..."
    5. `dir /a` to show all files including hidden ones
    6. found `hidden_flag.txt`
        1. `type hidden_flag.txt` to reveal contents      
[![cmdconundrum.png](https://bookstack.rizzoit.com/uploads/images/gallery/2025-12/scaled-1680-/cmdconundrum.png)](https://bookstack.rizzoit.com/uploads/images/gallery/2025-12/cmdconundrum.png)
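
The hidden-file check from the walk-through, as an added batch script that is not part of the room or the original write-up. It rebuilds the scenario in a scratch folder (the `hidden_demo` path and the file contents are constructed for the demo) and shows what `dir`, `dir /a`, `dir /a:h /s /b` and `attrib` each report:

```batch
@echo off
rem Added example: reproduces the room's hidden-file scenario in a scratch folder.
rem The folder name "hidden_demo" and all file contents are constructed for this demo.
setlocal
set "DEMO=%TEMP%\hidden_demo"
if exist "%DEMO%" rmdir /s /q "%DEMO%"
mkdir "%DEMO%\mystery_data"
cd /d "%DEMO%\mystery_data"

rem Create one normal file and one file carrying the Hidden attribute.
echo Some logs were wiped.> notes.txt
echo constructed-sample-flag> hidden_flag.txt
attrib +h hidden_flag.txt

echo --- dir /b: hidden entries are omitted ---
dir /b

echo --- dir /a /b: every attribute is included, as in the walk-through ---
dir /a /b

echo --- dir /a:h /s /b: only hidden entries, recursing from the demo root ---
dir /a:h /s /b "%DEMO%"

echo --- attrib: an H in the flags column marks the hidden file ---
attrib

rem Clean up the scratch folder.
cd /d "%TEMP%"
rmdir /s /q "%DEMO%"
endlocal
```

During triage, `dir /a:h /s /b` is the quicker check because it lists only the hidden entries with full paths instead of mixing them into the normal listing.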

---
### Lessons Learned
- Learned Windows Command Prompt equivalents: `dir` (list files), `dir /a` (show hidden files), and `type` (view file contents)
- Successfully investigated McSkidy's compromised workstation by navigating directories and uncovering hidden artifacts that revealed tampering evidence

---
### Resources
[TryHackMe](https://tryhackme.com)  
[List of Windows Commands](https://www.lifewire.com/list-of-command-prompt-commands-4092302)