Advent of Cyber 2025: Day 2 Writeup | TryHackMe

Source: Dev.to

Setup

• TryHackMe provides a GUI Attackbox (1 hour daily) and an unrestricted Targetbox.
• You can also use your own laptop or a Linux VM in VirtualBox as the Attackbox.
• For options 2 and 3 you must be on the same network as the Targetbox, so install OpenVPN and import TryHackMe’s .ovpn configuration file.
• For today’s tasks it’s easiest to use the provided Attackbox, which already includes a server.py file and many useful tools.

Running the Python Server

1. Start the server in the Attackbox:

   python3 server.py

2. Open a new terminal (or browser) tab to continue working.

   • Switch between tabs with Alt+1 / Alt+2 (or Ctrl+Tab on your own machine).
   • The server will keep running in its own tab and will print any responses from the victim.

Using SEToolkit

• When SEToolkit launches, wait a moment if the 1 2 3 4 options don’t appear immediately.
• If Ctrl+V doesn’t paste, use Ctrl+Shift+V instead.

Task 2 – Login

1. Open Firefox (or any browser) on the Attackbox.
2. Navigate to the login page shown in the room.
3. Use the obvious credentials provided in the task description (e.g., admin / password).

Security Awareness

• Phishing tip: If an email urges you to act immediately or asks for a code/PIN/OTP, pause and verify the request.
• Visual tricks (e.g., low‑contrast text) can fool users on phones or with reduced eyesight.

Further Reading

• So you think you’ve been hacked by a sophisticated hacking group, what next? – InsiderPHD