THM | AoC 2025 | Day 00

Advent of Cyber 2025 | Prep Track | Summary:
This Prep Track room introduces a ten‑mission beginner series on TryHackMe, covering password creation, malware scanning, basic Linux/Windows file navigation, breach checking, router hardening, app permission revocation, data leakage via chatbots, and HTTP log analysis.
Each mission provides a simple task and a flag to capture. The guide also includes prize info, rules, community links, and a festive storyline set in Wareville.
Disclaimer: Please note that this write‑up is NOT intended to replace the original room or its content; it serves only as supplementary material for users who are stuck and need additional guidance. This walkthrough presents one of many possible solutions to the challenges, without revealing any flags or passwords directly.
Welcome to Advent of Cyber 2025
Please read through the sections on amazing prizes, general rules, qualification criteria, certificates and badges, as well as information about officially recognized video walkthroughs.
Question-1: Got it!
No answer needed
How to use TryHackMe
Here you are provided with a brief guide on how to use TryHackMe’s tools—AttackBox, virtual machines, split‑screen, direct links, and remote connections—to complete the daily beginner challenges of Advent of Cyber.
Question-1: Got it!
No answer needed
Join our community
Here we have a promotional message encouraging people to follow TryHackMe on various social platforms and especially join its large Discord community, where members can discuss Advent of Cyber challenges, get help, learn about events, and access exclusive swag.
Question-1: Got it!
No answer needed
Introduction
Here we get a quick intro and a short story:
STORYLINE
"The snow has started falling in Wareville, home of The Best Festival Company (TBFC). The team is preparing for SOCMAS, the annual cyber celebration, but something’s not right. Systems are glitching, passwords are failing, and McSkidy suspects something is afoot. This name keeps coming up: King Malhare. What could it mean?"
But before joining the response team, we’ll do ten short missions that teach key cybersecurity skills and reveal clues for Advent of Cyber 2025. Each mission opens via a “View Site” button in a split‑screen view, with instructions on the left and the interactive challenge on the right.
Question-1: Warm me up!
No answer needed
Challenge 1 | Password Pandemonium
We get an alert about 73 weak TBFC accounts (even “P@ssw0rd123”). The challenge: craft a password ≥ 12 characters, mixing upper‑, lower‑case, numbers and symbols, and ensure it isn’t in any breach list. How about !_20AdventOfCyber25_!? :)
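The rules this challenge enforces can be written as a small checker. This is an added example, not code from the room or from TryHackMe: the breach list is a constructed three-entry stand-in, and the lookup imitates the hash-prefix (k-anonymity) style of query that breached-password services offer, where only the first five hex characters of the SHA-1 digest are sent.

```python
import hashlib
import string

# Constructed stand-in for a breach corpus (assumption; a real check would
# query a breached-password service instead of this list).
BREACHED = ["P@ssw0rd123", "Winter2025!!", "Password12345!"]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_lookup(prefix):
    """Simulated range query: 'SUFFIX:COUNT' lines for every breached
    hash that starts with the 5-character prefix."""
    digests = [sha1_hex(p) for p in BREACHED]
    return "\n".join(f"{d[5:]}:1" for d in digests if d.startswith(prefix))

def is_breached(password, lookup=range_lookup):
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # The comparison against the returned suffixes happens locally, so the
    # full hash never has to be sent to the lookup.
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix and int(count) > 0:
            return True
    return False

def check_password(password, lookup=range_lookup):
    """Return the list of rules the password fails; empty means accepted."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if is_breached(password, lookup):
        problems.append("found in breach list")
    return problems

if __name__ == "__main__":
    for pw in ["P@ssw0rd123", "Winter2025!!", "!_20AdventOfCyber25_!"]:
        print(pw, "->", check_password(pw) or "accepted")
```

Note that "Winter2025!!" passes every complexity rule and is rejected only by the breach lookup, which is why the challenge asks for both checks.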
Question-1: What's the flag?
<flag>
Challenge 2 | The Suspicious Chocolate.exe
The task here is to use a simulated VirusTotal scanner—click “Scan,” look at the report (49 clean, 1 malicious)—and decide whether the executable is safe or malicious. There are only 2 choices, so 50% chance. That's not bad, right? RIGHT???
Question-1: What's the flag?
<flag>
Challenge 3 | Welcome to the AttackBox!
The task is simple: locate and read the hidden welcome message by listing files, navigating into the challenges/ directory, and displaying welcome.txt with cat. Or simply grab it directly: cat challenges/welcome.txt.
Question-1: What's the flag?
<flag>
Challenge 4 | The CMD Conundrum
The task is to use Windows Command Prompt to locate a hidden flag file: list files with dir, reveal hidden items with dir /a, then display the flag using type hidden_flag.txt. Or, just like before, grab the flag directly: type mystery_data\hidden_flag.txt.
Question-1: What's the flag?
<flag>
Challenge 5 | Linux Lore
The challenge is to search McSkidy's home directory for a hidden message: navigate to /home/mcskidy/, list all files with ls -la, then display the secret flag using cat .secret_message. Or do it directly with: cat /home/mcskidy/.secret_message.
Question-1: What's the flag?
<flag>
Challenge 6 | The Leak in the List
The task is to use a breach‑checking service (like Have I Been Pwned) to see if [email protected] appears in any leaked database, then note which domain is flagged as “Compromised.”
Question-1: What's the flag?
<flag>
Challenge 7 | WiFi Woes in Wareville
The task is to log into the router (Username: admin | Password: admin), navigate to the Security Settings, and replace the default password with a strong one that meets the validation requirements. How about W4r3v1ll3W1llN0tF4ll!!!?
Question-1: What's the flag?
<flag>
Challenge 8 | The App Trap
The challenge is to inspect the account’s connected apps, identify the one with suspicious permissions (e.g., password‑vault access), and revoke its access to stop the data leak. Now, why would an "Eastmas Scheduler" application need "Password Vault" access?
Question-1: What's the flag?
<flag>
Challenge 9 | The Chatbot Confession
The challenge is to review the chatbot’s conversation, pick out any messages that contain private data, and submit those as the answer. Internal links, credentials and security tokens are definitely a bad idea to share.
Question-1: What's the flag?
<flag>
Challenge 10 | The Bunny’s Browser Trail
The challenge is to examine the provided HTTP logs, compare the entries to normal browsers (Chrome, Firefox, Edge), and pinpoint the anomalous user‑agent string. Who would nowadays use BunnyOS during Christmastime?
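The same comparison can be automated: parse each log entry, match its user-agent against the expected browser families, and report whatever matches none of them. This is an added example, not part of the room; the log lines, addresses and the BunnyOS agent string are constructed, and the combined log format is an assumption about how such logs are laid out.

```python
import re

# Constructed sample in combined log format; not the room's actual log.
LOG = """\
192.0.2.10 - - [01/Dec/2025:09:12:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36"
192.0.2.11 - - [01/Dec/2025:09:12:07 +0000] "GET /gifts HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:145.0) Gecko/20100101 Firefox/145.0"
192.0.2.12 - - [01/Dec/2025:09:12:15 +0000] "GET /gifts HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0"
198.51.100.66 - - [01/Dec/2025:09:12:31 +0000] "GET /wishlist HTTP/1.1" 200 912 "-" "BunnyOS/1.0 (constructed-agent)"
"""

# Captures: client address, request line, user-agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Expected families, most specific first (an Edge agent also carries a Chrome token).
FAMILIES = [
    ("Edge", re.compile(r"Chrome/[\d.]+ Safari/[\d.]+ Edg/[\d.]+$")),
    ("Chrome", re.compile(r"Chrome/[\d.]+ Safari/[\d.]+$")),
    ("Firefox", re.compile(r"Gecko/\d+ Firefox/[\d.]+$")),
]

def family(user_agent):
    """Name of the first matching browser family, or None if unrecognised."""
    for name, pattern in FAMILIES:
        if pattern.search(user_agent):
            return name
    return None

def anomalous_agents(log_text):
    """Return (client, request, user_agent) for entries whose user-agent
    matches no expected family. Malformed lines are reported as well."""
    findings = []
    for line in log_text.splitlines():
        match = LINE.match(line)
        if match is None:
            findings.append((None, None, line))
            continue
        client, request, user_agent = match.groups()
        if family(user_agent) is None:
            findings.append((client, request, user_agent))
    return findings

if __name__ == "__main__":
    for finding in anomalous_agents(LOG):
        print(finding)
```

The User-Agent header is set by the client, so an unrecognised value is a lead for triage, and a recognised one does not prove the request came from a real browser.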
Question-1: What's the flag?
<flag>
The Finish Line
Here we are invited to keep learning with TryHackMe, earn raffle tickets for the AoC giveaway, and look forward to the main event on the Advent of Cyber landing page.
Question-1: Bring on Advent of Cyber 2025!
No answer needed