ElMariachi-PC ~ PwnTillDawn Walkthrough
Hi, I am Astik Rawat, and I hope everyone is doing well. Here is my walkthrough for Host 69 (FLAG67) from PwnTillDawn. I will go straight into it, and I hope you learn something from it.
After connecting to the VPN and pinging the host, I scanned all the open ports on the host using Nmap as follows:
I found that a few known ports and a few higher ports were open, so I decided to check the running services on all the open ports.
After the scan finished, I saw nothing much relevant from the known ports other than basic information about the target. But for port 60000, I found something interesting. So first I visited the target on port 60000 and found out that I needed credentials to log into it.
So I searched for ThinVNC exploits on Searchsploit and found one, but it didn’t work, so I started to look on open source websites and Metasploit while making changes to the exploit I found through Searchsploit.
The one that worked for me was the exploit I found on Metasploit.
I changed all the necessary options on it to check if it worked.
Then I just ran the exploit and voilà, it worked perfectly and I received the user credentials.
Then I went to Rdesktop and tried to log in as the user with the credentials, and then I found FLAG67 on the Desktop.
Alternative: Instead of using Rdesktop to log in, we can also use the browser, access the target on port 60000, and enter the credentials. ThinVNC is a web remote desktop.
I hope you enjoy this walkthrough and get to learn something new.
Also, I would like to give credit to Wizlynx and PwnTillDawn for such an amazing free platform to sharpen your pen-testing skills.
If you enjoyed this walkthrough and are looking for more in the future, please follow me and connect with me on LinkedIn.
LinkedIn: https://www.linkedin.com/in/astikrawat/