Mahin Ahmad

Advent of Cyber 2025: Day 2 Writeup | TryHackMe

Today is about Phishing🦈. Day 2 Room Link.
For people new to TryHackMe, you may see a 'Start AttackBox' button and then be confused between the Attackbox and the Targetbox.
The Targetbox is the server where the flags are located; we have to find a vulnerability in it, aka h@ck that box.
As for the Attackbox, it's where you... 🕶 run your operations from 🕶.

  1. TryHackMe lets us spin up a GUI Attackbox for 1 hour each day; the Targetbox doesn't have such a limit. Or,
  2. I can use my own laptop as the Attackbox;
  3. Or I can use a Linux VM in VirtualBox and use that as my Attackbox.

For options 2 and 3 we have to be in the same network as the Targetbox, so install OpenVPN and download and import TryHackMe's networking configuration file (.ovpn). TryHackMe has a practice room with a step-by-step guide.

But for today's tasks it's better to use their Attackbox; a server.py file is made for us to use. In fact, the Attackbox usually comes equipped with lots of tools that we may need to solve a room... unless you already have a 5TB fully loaded Kali Linux VM on your machine to h@ck planet Mars.

In the task description, they handhold you towards the finish line. I'm not going to do that... but this is a writeup blog... I know, I'm confused as well, what's there to write about! I will describe things that are not obvious to beginners.

  • After starting the Python server.py, you may continue your work in another terminal tab, like a browser tab.
  • You can switch between the tabs with Alt+1 and Alt+2, or with Ctrl+Tab if you are running your own machine. While you work on your fishing 🎣 from another tab, server.py will keep running in a separate tab and print out any response from the victim.

  • In setoolkit, if you don't see the 1 2 3 4 options, wait some time for it to load.

  • And if you cannot paste with Ctrl+V, use Ctrl+Shift+V 😶

  • For the 2nd task, open Firefox from the Attackbox and enter the very obvious username and password.

Feel free to comment if anything is unclear.

I'll finish this off with some awareness stuff.

  1. Notice the notes from the room: if an email pushes you to act right now, or asks for a code/PIN/OTP, hold your horses!

  2. This will fool people with poor eyesight and those on phones:
    [Image: microsoft phishing]

  3. Use https://wheregoes.com/ to check if an ambiguous shortlink (such as this bitly link) leads to anything suspicious!

  4. And lastly, read this article from the goated @insiderphd:

    So you think you've been hacked by a sophisticated hacking group, what next?

    Advice for people who suspect they or/and their friends/family are being persistently hacked on every platform
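
Awareness tip 3, done by hand: the sketch below is an added example (not part of the room, this writeup's original code, or wheregoes.com) that follows a link's `Location` headers one hop at a time with HEAD requests and records every stop instead of opening the page in a browser. The local server in `demo()` and its `/s`, `/track?id=1` and `/login` paths are constructed stand-ins for a shortlink so the example runs offline.

```python
import http.client, http.server, threading
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def trace_redirects(url, max_hops=10, timeout=5):
    """Follow Location headers by hand with HEAD requests; return [(status, url), ...]."""
    hops = []
    for _ in range(max_hops):                 # hop limit stops redirect loops
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            hops.append((None, url))          # non-web scheme: record it, do not follow
            break
        cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = cls(parts.hostname, parts.port, timeout=timeout)
        try:
            conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        hops.append((status, url))
        if status not in REDIRECTS or not location:
            break                             # final destination reached
        url = urljoin(url, location)          # Location may be relative
    return hops

def demo():
    """Constructed local server standing in for a shortlink: /s -> /track?id=1 -> /login."""
    chain = {"/s": "/track?id=1", "/track?id=1": "/login"}
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_HEAD(self):
            target = chain.get(self.path)
            self.send_response(302 if target else 200)
            if target:
                self.send_header("Location", target)
            self.end_headers()
        def log_message(self, *args):         # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_port
        return [(s, u[len(base):]) for s, u in trace_redirects(base + "/s")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for status, path in demo():
        print(status, path)
```

Each hop still sends one request to the server behind the link, so the sender can see that the link was checked; the page body itself is never downloaded or rendered.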
