TryHackMe – Advent of Cyber 3 – Walkthrough

Introduction

This page contains a walkthrough and notes for the Advent of Cyber 3 room on TryHackMe.

Advent of Cyber 3 is a holiday-themed, beginner-friendly room designed to teach the fundamentals of cyber security. Each day of the Advent calendar leading to Christmas has a corresponding challenge in the room, for a total of 25 challenges.

Walkthrough

This page provides a centralized source for each day’s walkthrough. You can find links to each day’s challenge walkthrough after a brief description of that day’s activities.

Day 1 – Save The Gifts

Day 1 is about IDOR vulnerabilities. IDOR stands for Insecure Direct Object Reference, and is a vulnerability that allows unauthorized access to information.

Click here to check out the complete walkthrough for Day 1.

Day 2 – Elf HR Problems

On Day 2 we get to hack a real website by manipulating cookies.

Click here to check out the complete walkthrough for Day 2.

Day 3 – Christmas Blackout

Day 3 is all about enumeration. Enumeration is key. This is one of the most important lessons to learn when starting out in offensive cybersecurity.

Click here to check out the complete walkthrough for Day 3!

Day 4 – Santa’s Running Behind

Today is all about using a program called Burp Suite to crack our way into Santa’s schedule.

Burp Suite is an incredibly useful, common, and (relatively) easy to use tool. It can be used to modify things like HTTP requests as well as cookies. For example, you can use it to automate the manual cookie manipulation process we covered in Day 3.

Click here to check out the complete walkthrough for Day 4!

Day 5 – Pesky Elf Forum

The focus for Day 5 is Cross Site Scripting (XSS) vulnerabilities.

Click here to check out the complete walkthrough for Day 5!

Day 6 – Patch Management is Hard

Despite the name (patch management), Day 6 is really about Local File Inclusion vulnerabilities. LFI is another type of vulnerability that can occur when input isn’t sanitized or validated.

Click here to check out the complete walkthrough for Day 6!

Day 7 – Migration Without Security

Day 7 is all about NoSQL databases.

Click here to check out the complete walkthrough for Day 7!

Day 8 – Santa’s Bag of Toys

Today’s activity is a little different from the previous days’. The focus is on using logs to perform detective work. Through the logs, we’ll get some exposure to Windows commands and learn how to trace an attacker’s actions.

Click here to check out the complete walkthrough for Day 8!

Day 9 – Where is All This Data Going?

Day 9 is all about Wireshark, a popular packet analysis tool that comes installed on Kali Linux (i.e. the AttackBox).

Click here to check out the complete walkthrough for Day 9!

Day 10 – Offensive is the Best Defense

Today’s task is an introduction to nmap. nmap is an incredibly popular port scanning tool used in networking. It is an industry standard and is used in penetration testing, bounty hunting, and red and blue team operations.

Click here to check out the complete walkthrough for Day 10!

Day 11 – Where Are the Reindeers?

The focus of Day 11 is interacting with SQL databases using a Relational Database Management System (RDBMS).

Click here to check out the complete walkthrough for Day 11!

Day 12 – Sharing Without Caring

Today’s activity is a mini-CTF that highlights some important skills. It includes NFS, mounting, and SSH keys.

Click here to check out the complete walkthrough for Day 12!

Day 13 – They Lost The Plan!

The challenge for Day 13 is a mini-CTF requiring both Windows and Linux skills.

Click here to check out the complete walkthrough for Day 13!

Day 14 – Dev(Insecure)Ops

The focus topic of the day is CI/CD, which stands for Continuous Integration/Continuous Delivery/Deployment. We’ll learn about CI/CD as well as how to exploit some common issues specific to the CI/CD processes.

Click here to check out the complete walkthrough for Day 14!

Day 15 – The Grinch’s Day Off

Take the day off! Or use it to learn some more awesome stuff…

Day 16 – OSINT Ransomware Madness

Day 16 is all about Open Source Intelligence, or OSINT. OSINT is the process of gathering and analyzing as much useful information about a target as possible, using publicly available resources.

Click here to check out the complete walkthrough for Day 16!

Day 17 – Elf Leaks

The focus for Day 17 is on learning about and exploiting Amazon Simple Storage Service (S3).

Click here to check out the complete walkthrough for Day 17!

Day 18 – Playing With Containers

Day 18 is all about Docker! Docker is virtualization software designed to help developers build and deploy applications quickly.

Click here to check out the complete walkthrough for Day 18!

Day 19 – Something Phishy is Going On

The focus of Day 19 is on how to recognize, prevent, and investigate phishing attacks.

Click here to check out the complete walkthrough for Day 19!

Day 20 – What’s the Worst That Could Happen?

Today’s topic has to do with investigating viruses using commands and open source tools like VirusTotal.

Click here to check out the complete walkthrough for Day 20!

Day 21 – Needles in Computer Stacks

Day 21’s challenges cover YARA, a popular pattern matching tool that is used to recognize malware.

Click here to check out the complete walkthrough for Day 21!

Day 22 – How it Happened

Today’s focus is on using CyberChef and oledump.

Click here to check out the complete walkthrough for Day 22!

Day 23 – PowershELlF Magic

Day 23 is another fun defensive scenario in which we use logs to perform detective work. It features PowerShell logs and scripts, and an interesting scenario where the attacker encrypts data and sends it to a server using an HTTP POST request. After figuring out the mystery, we learn how to decrypt the information to retrieve our data!

Click here to check out the complete walkthrough for Day 23!

Day 24 – Learning From the Grinch

Christmas Eve. We’ve made it so far. Today is a light day that features a bit of PowerShell on Windows and John the Ripper on Kali Linux. It covers the topics of post-exploitation, password hashing, authentication, and dumping password hashes.

Click here to check out the complete walkthrough for Day 24!