Advent of Cyber 2022 [Day5] Brute-Forcing | He knows when you’re awake — Write-up by Karthikeyan Nagaraj

Advent of Cyber 2022 Day 5 — He knows when you’re awake Task 10— Write-up by Karthikeyan Nagaraj

Let’s Start the Machine and Enumerate the Machine using nmap

sudo nmap -sS -sV <machine-ip>

Let’s Exploit!!

1. Use Hydra to find the VNC password of the target with IP address MACHINE_IP. What is the password?

Let’s use hydra to Crack the Password!!

Hydra is a brute-forcing tool that helps penetration testers and ethical hackers crack the passwords of network services

VNC Servers do not need a Username to Crack with Hydra. So We are giving the Default Password list rockyou.txt and the server address

hydra  -P /usr/share/wordlists/rockyou.txt vnc://<Machine-Ip> -V

Ans: 1q2w3e4r

2. Using a VNC client on the AttackBox, connect to the target of IP address MACHINE_IP. What is the flag written on the target’s screen?

We found the Password, so let’s try Connecting the Machine with the Password

Open Connections in Linux and Type the IP of the Machine

Enter the Password we found!!

Ans: Flag is in the Above Picture

Thank you for Reading!!

Happy hacking ~

Author : Karthikeyan Nagaraj ~ Cyberw1ng

Queries:

TryHackMe , Advent of Cyber 2022 , Advent of Cyber 2022 Day 5 , Task 10 [Day 5] Brute-Forcing He knows when you’re awake , Karthikeyan nagaraj m Tryhackme Writeup , Advent of cyber 2022 walk through