Welcome back to yet another blog on day 5 of Advent Of Cyber 2022. Till now, I guess all the tasks are pretty easy and amazing. You must have learnt something new from all the tasks.It's time to learn something from day 5. Without any further delay, let's move to today's task.
He knows when you're awake
This room is mainly focusing on brute forcing and some random access services.
Have you ever thought about how will you access a computer that is very far away from you? If you have read my yesterday's blog, I told you about ssh. With ssh, you can access any computer securely. It is a command line interface which means you have to do all your work through terminal. But what if you need a graphical user interface (GUI)? For this, we have Remote Desktop Protocol(RDP). When using Remote Desktop, the user can see their desktop and use the keyboard and mouse as if sitting at the computer. The platform we are using in this room is VNC. Virtual Network Computing provides access to a graphical interface which allows the user to view the desktop and (optionally) control the mouse and keyboard.
The second thing we are doing in this task is brute forcing. You can assume, it is a trial-and-error to guess login info. Not only login info, but it is also used to find hidden directories, for performing DOS attacks or for spamming any messages. Let's take a scenario here that the attacker is brute forcing login info. An attacker uses a wordlist which have common passwords like 12345678, admin,admin123 etc. and one by one they use these passwords until they guessed the password correctly. Attacker use tools like hydra or burp suite for brute forcing as it becomes really hard to manually enter all the passwords because wordlist contains more than 500-1000 words. In this task, we are using hydra for brute-forcing the password. Let's move to today's task.
Question1
We need to find the VNC password of our IP address.
The syntax of hydra is hydra -l username -P wordlist.txt server service. Here server means IP address and service means ssh or vnc. But in vnc, we don't have a username so skip the username part in this syntax. The wordlist we are using here is rockyou.txt and the service is VNC.
hydra -p /usr/share/wordlists/rockyou.txt vnc://<ip address>
The location of the wordlist will be the same. Just change your IP address in the above syntax.
Wait for your results as the wordlist is too big. Got the password?
Question2
Now we have the password but what to do with this? This password will be used to connect to VNC.
Go to the applications tab and select Internet. Under the internet tab you can see a tab called Remmina. Click on that.
It will ask for password. Click on cancel. You can see an interface something like this.
Enter your IP address on the above bar and Change the RDP tab to VNC.
Press Enter. Now it will ask for password. Enter the password which we got in question1 . Click ok . Wait for some time .
Now you must be able to see something like this
Yes, that's the flag.
Question3
They are recommending you to complete the given rooms.
Congratulations !! we completed this task. New task will be added tomorrow. Till then you can follow me here for upcoming blogs on the advent of cyber 2022. In the end, you will get a certificate from tryhackme for completing this challenge.
Keep learning and keep spreading Knowledge.