TryHackMe: Advent of Cyber 2022 (Day 5) He knows when you’re awake

“Elf McSkidy asked Elf Recon McRed to search for any backdoor that the Bandit Yeti APT might have installed. If any such backdoor is found, we would learn that the bad guys might be using it to access systems on Santa’s network.”

Question #1: Use Hydra to find the VNC password of the target with IP address (will be unique for you). What is the password?

I started a hydra attack on the VNC server and got my result in a few minutes:

1q2w3e4r

Question #2: Using a VNC client on the AttackBox, connect to the target of IP address (will be unique for you). What is the flag written on the target’s screen?

I used Remmina to connect:

Then I entered the password I found earlier with hydra:

It took a bit to load and I eventually realized it was because hydra was still actively attacking it. It does not automatically stop when it finds one password, so make sure to stop it.

THM{I_SEE_YOUR_SCREEN}