https://www.vulnhub.com/entry/alfa-1,655/
Simple walkthroug:
nmap -sV -sC -p- 192.168.56.72 -oN ports.log
ftp log in as anonymous, get a pic file.
check robots.txt, find brain fuck strings, decode it, and get a new url.
enum4linux, get username.
enter the new url, check the chat text, get password pattern.
crunch generate password from the pattern.
hydra to brutefoce ssh username and password.
ssh log in, find local port 5901 is open, and a keyfile in home folder.
port forward 5901 out, vnc connect it with the keyfile.