advent-of-cyber-2025

Room Link:
https://tryhackme.com/room/webhackingusingcurl-aoc2025-w8q1a4s7d0

▶️ CYBERWOX – Day 24 Video Walkthrough

Official walkthrough for quick onboarding:

🔗 YouTube Link:
https://youtu.be/nbJ_tuXZa24?si=0YQF4nU9Jjn2BiJ2

---

🎄 Advent of Cyber 2025 — Day 24 Write-Up

🧩 Exploitation with cURL — Hoperation Eggsploit

---

📘 Review the Theory

Refer to the TryHackMe theory section before starting this challenge.

---

✅ Challenge Answers

---

1️⃣ Make a POST request to /post.php using admin:admin. What flag do you receive?

THM{curl_post_success}

---

2️⃣ Send credentials to /cookie.php, save the session cookie, then reuse it. What flag do you receive?

THM{session_cookie_master}

---

3️⃣ After brute-forcing /bruteforce.php, what is the admin password?

secretpass

---

4️⃣ Make a request to /agent.php with the User-Agent set to TBFC. What flag do you receive?

THM{user_agent_filter_bypassed}

---