advent-of-cyber-2025
Room Link: https://tryhackme.com/room/phishing-aoc2025-h2tkye9fzU
βΆοΈ John Hammond β Day 2 Video Walkthrough
We are providing the official Day 2 walkthrough video for quick onboarding:
π YouTube Link: https://youtu.be/w8O8FcRgDXU?si=y_AI4wT_e4s6Bm1P
π£ Advent of Cyber 2025 β Day 2 Write-Up
𧩠Social Engineering & Phishing
β
π§ Social Engineering β Quick Overview
Social engineering is human hacking β manipulating people into making security mistakes like:
- Giving passwords
- Clicking malicious links
- Opening infected attachments
- Approving fake payments
- Sharing sensitive info
Attackers exploit urgency, fear, curiosity, authority, and carelessness.
It has nothing to do with hacking computers β itβs about hacking people.
π― Phishing
Phishing = social engineering through messages (email, SMS, QR codes, phone calls, DMs).
Goal:
π Make the victim click, open, or reply, so the attacker can steal credentials, money, or access.
π§ Anti-Phishing Mnemonic: S.T.O.P.
1οΈβ£ First S.T.O.P. β Ask Yourself
- Suspicious?
- Telling me to click?
- Offering amazing deal?
- Pushing urgency?
2οΈβ£ Second S.T.O.P. β Do This
- Slow down
- Type the URL manually
- Open nothing unexpected
- Prove the sender
If you just follow this, you avoid 90% of phishing attacks.
πͺ€ Building the Trap β Fake Login Page
The attacker hosts a fake TBFC login portal using:
./server.py
Any submitted credentials appear directly in your terminal β no database needed.
π§ Delivering the Phish Using S.E.T. (Social-Engineer Toolkit)
Launch the tool:
setoolkit
Choose:
1) Social-Engineering Attacks
5) Mass Mailer Attack
1) Single Email Address
Required Inputs
| Prompt | Value |
|---|---|
| Send to | factory@wareville.thm |
| Use server/open relay | 2 |
| From address | updates@flyingdeer.thm |
| From name | Flying Deer |
| SMTP server | target-ip |
| SMTP port | 25 |
| High priority | no |
| Attach file | n |
| Inline file | n |
| Subject | Shipping Schedule Changes |
π Email Body (Plaintext)
Hello,
Kindly note that there have been significant changes to the shipping schedules due to increased shipping orders.
Please confirm the new schedule by visiting http://10.49.101.188:8000
Best regards,
Flying Deer
END
<p>SET sends the email to the target machine and it (AI-Agent) will automatically click the url and enter the creds that will come to us on our attacker machine. Your server terminal immediately shows the captured credentials.</p>
β Challenge Answers
1οΈβ£ TBFC Portal Password
unranked-wisdom-anthem
2οΈβ£ Total Toys Expected for Delivery
Visit:
http://<target-ip>
Use harvested creds β read mailbox β find shipment stats.
Answer:
1984000
π
Keep practicing β phishing kills companies more often than malware.
π Stay alert, stay skeptical, stay safe.