~$ Advent of Cyber 2022 - Day 5

Posted on Dec. 5th, 2022. | Est. reading time: 2 minutes

Red Team: Brute-Forcing

Question 1

Use Hydra to find the VNC password of the target with IP address $MACHINE_IP. What is the password?

We run nmap in service discovery mode like so: nmap -sS $IP to check that VNC is running on the machine.

Screenshot of an nmap scan.Not very many ports on this one.

We then run hydra to find the password for mark: hydra -P /usr/share/wordlists/rockyou.txt $IP vnc

Screenshot of the execution of the 'hydra' command-It just works.

Answer: 1q2w3e4r

Question 2

Using a VNC client on the AttackBox, connect to the target of IP address MACHINE_IP. What is the flag written on the target?s screen?

We use Remmina:

Screenshot of Remmina's interfaceRemmina is a... useful tool.

We enter the password that we found before:

Screenshot of Remmina's interface, with a password input screen.

We then find the flag:

Screenshot of the result of the VNC connection.Oooooh, a flag!