In this room we join the TBFC red team and launch a Python server that hosts a fake login page to capture credentials. Using SET (Social-Engineer Toolkit) we craft a spoofed email pointing to our fake login page.
The victim clicks, submits credentials, and we log the username‑password pair, then reuse it to access the real TBFC portal as factory. Finally, we terminate the server and clean up.
We start out by investigating a compromised server, collect some hidden flags and uncover some secrets. All this, by using nothing but basic Linux CLI commands.
For the bonus part, we first solve three riddles, then concatenate the fragments and decrypt a note. Once we fixed a glitching server, we capture the ciphertext, decode it, then decrypt the secret archive directory which was left behind. Extracting the archive enables us to retrieve the final side-quest flag.
This Prep Track room introduces a ten‑mission beginner series on TryHackMe, covering password creation, malware scanning, basic Linux/Windows file navigation, breach checking, router hardening, app permission revocation, data leakage via chatbots, and HTTP log analysis.
Each mission provides a simple task and a flag to capture. The guide also includes prize info, rules, community links, and a festive storyline set in Wareville.