THM | AoC 2025 | Day 02
· 12 min read
Advent of Cyber 2025 | Day 02 | Summary:
In this room we join the TBFC red team and launch a Python server that hosts a fake login page to capture credentials. Using SET (Social-Engineer Toolkit) we craft a spoofed email pointing to our fake login page.
The victim clicks, submits credentials, and we log the username‑password pair, then reuse it to access the real TBFC portal as factory. Finally, we terminate the server and clean up.