ADVENT OF CYBER 2024

Beginner-friendly festive challenges — selected days and answers

> Room Link > Back to THM

Challenge 1 — Password Pandemonium

Password Pandemonium

Objective: Create a password that passes all system checks (12+ chars, mixed case, numbers, symbols) and isn't found in the leaked password list.

CHALLENGE
What's the flag?
Flag
THM{Y0u_Ar3_A_P455w0rd_Pr0}

Challenge 2 — The Suspicious Chocolate.exe

Suspicious Chocolate.exe Scan

Objective: Analyze the chocolate.exe file using the simulated scanner. With only 1/50 detection, is it a false positive or a true threat?

CHALLENGE
What's the flag?
Flag
THM{M4lwar3_Sc4nn1ng_Sk1ll5}

Challenge 3 — Welcome to the AttackBox!

AttackBox Terminal

Objective: Use the command line to navigate files. Run ls to list, cd challenges/ to change directory, and cat welcome.txt to read the file.

CHALLENGE
What's the flag?
Flag
THM{C0mm4nd_L1n3_H3r0}

Challenge 4 — The CMD Conundrum

Windows CMD

Objective: Investigate the system using Windows commands. Use dir /a to reveal hidden files and type to read the content.

CHALLENGE
What's the flag?
Flag
THM{M4st3r_0f_Th3_CMD}

Challenge 5 — Linux Lore

Linux Lore

Objective: Search McSkidy's home directory. Use ls -la to reveal hidden files (starting with a dot) and read the secret message.

CHALLENGE
What's the flag?
Flag
THM{L1nux_L3g3nd_F0und}

Challenge 6 — The Leak in the List

Breach Checker

Objective: Use the breach checker tool to verify if mcskidy@tbfc.com has been compromised. Identify the breached domain to reveal the flag.

CHALLENGE
What's the flag?
Flag
THM{D4ta_L34k_D3t3ct3d}

Challenge 7 — WiFi Woes in Wareville

Router Login

Objective: The drones are compromised because of default credentials. Log in using admin:admin, navigate to Security Settings, and set a new strong password to secure the network.

CHALLENGE
What's the flag?
Flag
THM{R0ut3r_S3cur1ty_Guru}

Challenge 8 — The App Trap

App Permissions

Objective: Review the connected applications. Identify the suspicious app requesting excessive permissions (like accessing private messages) and click "Revoke Access" to secure the account.

CHALLENGE
What's the flag?
Flag
THM{S0c1al_M3d1a_S3cur3d}

Challenge 9 — The Chatbot Confession

FestiveBot AI

Objective: FestiveBot is leaking data! Review the chat logs and click on the specific messages that reveal sensitive information (like internal URLs or credentials) to stop the leak.

CHALLENGE
What's the flag?
Flag
THM{A1_Chatb0t_Reve4led}

Challenge 10 — The Bunny’s Browser Trail

Web Log Analysis

Objective: Analyze the HTTP logs to find the heavy traffic source. Identify the suspicious User Agent BunnyOS/1.0 (HopSecBot) that stands out from standard browsers like Chrome or Firefox.

CHALLENGE
What's the flag?
Flag
THM{H0pS3cBot_D3t3ct3d}
> Back to THM > Explore Blogs