ElMariachi-PC

Enumeration

From Nmap, there is quite a few open ports but the most interesting one is port 60000 as seen below, this port has a web service running ThinVNC which grants remote access to another device.

The webpage when visited requests credential however, non of the well known default login credential worked.

I decided to check for possibility of a ThinVNC vulnerability on Metasploit and found an auxiliary Module. The login credential was found in the ThinVNC.ini file.

With the credential, I was able to login to the webpage

After connecting to the Machine, I was able to get a remote GUI connection and navigate to the Desktop to find the flag