ElMariachi-PC PwntillDawn
IP Address = 10.150.150.69
Difficulty = Easy
Nmap Scan:

From the scan we can see it’s a Windows box. So let’s enumerate the SMB server.

It shows that we can’t list shares anonymously. Looking at the ports, we can see a weird port on 5040, and nmap isn’t able to identify the service running on it.
I tried connecting to it using netcat but I didn’t get any response.

Let’s get back to the SMB port and try further enumeration. Using the Metasploit module, I attempted to brute force but wasn’t successful.

At this point I rescanned the host and got another port, which was running ThinVNC on port 60000.

I checked out Metasploit to see if there’s anything on it. Cool, there is.

I’ll use the exploit

And it gave us a credential desperado:TooComplicatedToGuessMeAhahahahahahahh. I’ll log in via RDP using the newly found credential.

Flags:
Flag67: 2971f3459fe55db1237aad5e0f0a259a41633962
And we’re done
Write-ups have been authorized for this machine by the PwnTillDawn Crew! Here’s the link to access it: Wizlynx and PwntillDawn