THM - Advent of Cyber 2022 - Day 5

Difficulty:
Challenge Link
OS: Linux

Q: Use Hydra to find the VNC password of the target with IP address 10.10.171.45. What is the password?

This one was a little tricky for me after reading the module, I was sort of following along and got confused. I had to check the hint which told me that "no user needed". I start to try to remove the -l flag from earlier module stuff. This was no avail, I started to do some GoogleFu about Hydra. I thought about it for a few minutes and then looked at the command and noticed I was doing ssh:// and needed to do vnc:// and BINGO!

Commands Used

hydra -P /usr/share/wordlists/rockyou.txt $ip vnc

Answer

1q2w3e4r

Q: Using a VNC client on the AttackBox, connect to the target of IP address 10.10.171.45. What is the flag written on the target’s screen?

You can use any vnc viewer of choice. I personally like to use Remmina. It just so happens the module used the same. I guess if we just "tried" to vnc to the box after knowing vnc was open it only prompts us for a password. Then, that probally would of helped me(us) earier. The more you know right?

Answer

THM{I_SEE_YOUR_SCREEN}