FarrosFR

Back
credit: TryHackMecredit: TryHackMe
2 min
en
tryhackme /
write-up

Phising | Advent of Cyber 2025 Day 2 Write-Up

TryHackMe Write-Up for Advent of Cyber 2025.
views | comments

Here i want to share about my write-up for the room Phising | Advent of Cyber 2025 (Day 2).

Task 1: Introduction#

This section introduces the scenario: The Best Festival Company (TBFC) has faced security threats, prompting a Red Team assessment. You are working with “Recon McRed” and others to execute a phishing campaign to test employee diligence. The objective is to learn about social engineering, types of phishing, creating fake login pages, and using the Social-Engineer Toolkit. This task also involves initializing the necessary AttackBox and Target VM environments.

I have successfully started the AttackBox and the target machine!

No answer needed

Task 2: Phishing Exercise for TBFC#

This task dives into the mechanics of social engineering and phishing. It defines Social Engineering as manipulating humans into making security mistakes by exploiting psychology (urgency, curiosity, authority), and Phishing as a subset of this using communication mediums like email.

The task outlines the S.T.O.P. method for defense (Suspicious, Telling, Offering, Pushing) and guides the user through a Red Team attack simulation:

  1. Building the Trap: A fake TBFC login page script (server.py) is provided. When run, it hosts a web server on port 8000 to capture credentials.
  2. Delivery: Using the Social-Engineer Toolkit (SET) (setoolkit), the attacker configures a “Mass Mailer Attack”.
  3. Configuration: The email is spoofed to look like it comes from “Flying Deer” (updates@flyingdeer.thm) and is sent to factory@wareville.thm via the internal SMTP server. The body contains the link to the malicious server (http://<IP>:8000).
  4. Exploitation: Once the target clicks the link and logs in, the credentials are captured in the attacker’s terminal.

What is the password used to access the TBFC portal?

alt text

unranked-wisdom-anthem

Browse to http://10.49.171.168 from within the AttackBox and try to access the mailbox of the factory user to see if the previously harvested admin password has been reused on the email portal. What is the total number of toys expected for delivery?

alt text

alt text

1984000

If you enjoyed today’s room, feel free to check out the Phishing Prevention room.

No answer needed

Phising | Advent of Cyber 2025 Day 2 Write-Up
https://farrosfr.com/blog/phising-advent-of-cyber-2025-day-2-write-up
Author Mochammad Farros Fatchur Roji
Published at December 21, 2025
Copyright CC BY-NC-SA 4.0
Buy me a cup of coffee ☕.

Splunk | Advent of Cyber 2025 Day 3 Write-Up

Linux CLI | Advent of Cyber 2025 Day 1 Write-Up