~$ Advent of Cyber 2022 - Day 5
Question 1
Use Hydra to find the VNC password of the target with IP address
$MACHINE_IP
. What is the password?
We run nmap
in service discovery mode like so: nmap -sS $IP
to check that VNC is running on the machine.
![Screenshot of an nmap scan.](assets/images/walkthrough/thm/aoc-2022/day05/1.1.png)
We then run hydra
to find the password for mark
: hydra -P /usr/share/wordlists/rockyou.txt $IP vnc
![Screenshot of the execution of the 'hydra' command-](assets/images/walkthrough/thm/aoc-2022/day05/1.2.png)
Answer: 1q2w3e4r
Question 2
Using a VNC client on the AttackBox, connect to the target of IP address
MACHINE_IP
. What is the flag written on the target?s screen?
We use Remmina:
![Screenshot of Remmina's interface](assets/images/walkthrough/thm/aoc-2022/day05/2.1.png)
We enter the password that we found before:
![Screenshot of Remmina's interface, with a password input screen.](assets/images/walkthrough/thm/aoc-2022/day05/2.2.png)
We then find the flag:
![Screenshot of the result of the VNC connection.](assets/images/walkthrough/thm/aoc-2022/day05/2.3.png)
Answer: THM{I_SEE_YOUR_SCREEN}