https://app.hackthebox.com/challenges/469

Description

In an attempt for the aliens to find more information about the relic, they launched an attack targeting Pandora’s close friends and partners that may know any secret information about it. During a recent incident believed to be operated by them, Pandora located a weird PowerShell script from the event logs, otherwise called PowerShell cradle. These scripts are usually used to download and execute the next stage of the attack. However, it seems obfuscated, and Pandora cannot understand it. Can you help her deobfuscate it?

Analysis

cat cradle.ps1 | tr -d "' + '" | grep "HTB"

Summary

Alien Cradle: isolate the relevant artifact, decode the evidence, and extract the flag.