maya's blog

maya's blog at the end of the universe.

~$ Advent of Cyber 2022 - Day 5

Posted on Dec. 5th, 2022. | Est. reading time: 2 minutes

Author:

Unknown

Category:

Red Team: Brute-Forcing

Link:

Question 1

Use Hydra to find the VNC password of the target with IP address $MACHINE_IP. What is the password?

We run nmap in service discovery mode like so: nmap -sS $IP to check that VNC is running on the machine.

Screenshot of an nmap scan.

Not very many ports on this one.

We then run hydra to find the password for mark: hydra -P /usr/share/wordlists/rockyou.txt $IP vnc

Screenshot of the execution of the 'hydra' command.

It just works.

Answer: 1q2w3e4r

Question 2

Using a VNC client on the AttackBox, connect to the target of IP address MACHINE_IP. What is the flag written on the target’s screen?

We use Remmina:

Screenshot of Remmina's interface

Remmina is a... useful tool.

We enter the password that we found before:

Screenshot of Remmina's interface, with a password input screen.

We then find the flag:

Screenshot of the result of the VNC connection.

Oooooh, a flag!

Answer: THM{I_SEE_YOUR_SCREEN}