[Day 5] Brute-Forcing

December 5, 2022

Instead of using usernames for ssh attacks in hydra, the service vnc does not require username information. hydra -P /usr/share/wordlists/rockyou.txt vnc://<IP>

Flags

Use Hydra to find the VNC password of the target with IP address <IP>. What is the password?

1q2w3e4r

Using a VNC client on the AttackBox, connect to the target of IP address <IP>. What is the flag written on the target’s screen?

THM{I_SEE_YOUR_SCREEN}

Previous[Day 4] Scanning Next[Day 6] Email Analysis

Last updated 2 years ago