Embedded Files
Enumeration
From Nmap, there is quite a few open ports but the most interesting one is port 60000 as seen below, this port has a web service running ThinVNC which grants remote access to another device.
The webpage when visited requests credential however, non of the well known default login credential worked.
I decided to check for possibility of a ThinVNC vulnerability on Metasploit and found an auxiliary Module. The login credential was found in the ThinVNC.ini file.
With the credential, I was able to login to the webpage
After connecting to the Machine, I was able to get a remote GUI connection and navigate to the Desktop to find the flag
Page updated
Google Sites
Report abuse