[phillybilly]

It's this magical time of the year- Tryhackme Christmas calendar is back. Anyone joining?

https://tryhackme.com/r/christmas

[deathfrom2]

I've been trying to find these QR code. Any ideas?

[phillybilly]

I've been trying to find these QR code. Any ideas?

What do you mean by that? Simply create an account.

[deathfrom2]

I've been trying to find these QR code. Any ideas?

What do you mean by that? Simply create an account.

The QR codes for the side challenges. I have the first 2, I have no idea where the last two are

[phillybilly]

I've been trying to find these QR code. Any ideas?

What do you mean by that? Simply create an account.

The QR codes for the side challenges. I have the first 2, I have no idea where the last two are

Did you check the social media? "As a reminder, the three remaining pieces of the code were posted on our social media pages and channels between Tuesday, 28th November, and Thursday, 30th November. All the links to our social media channels can be found in Task 3 of the main Advent of Cyber room. Happy hunting! "

[deathfrom2]

I've been trying to find these QR code. Any ideas?

What do you mean by that? Simply create an account.

The QR codes for the side challenges. I have the first 2, I have no idea where the last two are

Did you check the social media? "As a reminder, the three remaining pieces of the code were posted on our social media pages and channels between Tuesday, 28th November, and Thursday, 30th November. All the links to our social media channels can be found in Task 3 of the main Advent of Cyber room. Happy hunting! "

Yeah, I checked what I can. I don't have accounts on social media. I've got the second QR code from their discord, which is pinned to the top of one of their channels. But I can't find the rest, I will have another look later

[Bendelladj1]

DAY-1

What is McGreedy's personal email address?
t.mcgreedy@antarcticrafts.thm
What is the password for the IT server room door?

BtY2S02
What is the name of McGreedy's secret project?

Purple Snow


DAY-2

Open the notebook "Workbook" located in the directory "4_Capstone" on the VM. Use what you have learned today to analyse the packet capture.
No answer needed
How many packets were captured (looking at the PacketNumber)?

100
What IP address sent the most amount of traffic during the packet capture?

10.10.1.4
What was the most frequent protocol?

ICMP
If you enjoyed today's task, check out the Intro to Log Analysis room.

No answer needed


DAY -3

Using crunch and hydra, find the PIN code to access the control system and unlock the door. What is the flag?
THM{pin-code-brute-force}
If you have enjoyed this room please check out the Password Attacks room.

No answer needed

Day - 4

What is the correct username and password combination? Format username:password
isaias:Happiness
What is the flag?

THM{m3rrY4nt4rct1crAft$}
If you enjoyed this task, feel free to check out the Web Enumeration room.

No answer needed


DAY - 5


How large (in bytes) is the AC2023.BAK file?
12,704
What is the name of the backup program?

BackupMaster3000
What should the correct bytes be in the backup's file signature to restore the backup properly?

41 43
What is the flag after restoring the backup successfully?

THM{0LD_5CH00L_C00L_d00D}
What you've done is a simple form of reverse engineering, but the topic has more than just this. If you are interested in learning more, we recommend checking out our x64 Assembly Crash Course room, which offers a comprehensive guide to reverse engineering at the lowest level.

No answer needed

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[roboticdanger]

Day-6

If the coins variable had the in-memory value in the image below, how many coins would you have in the game?
Ans:-
1397772111

What is the value of the final flag?
Ans:-
THM{mchoneybell_is_the_real_star}

[matt31]

I tried so hard in the last event just to get nothing so I passed on this but I might just enter the answers from walkthroughs because last time I couldn't win because of people like this.

[roboticdanger]

I tried so hard in the last event just to get nothing so I passed on this but I might just enter the answers from walkthroughs because last time I couldn't win because of people like this.

So? What are trying to say here?

---

Day - 7

How many unique IP addresses are connected to the proxy server?
9

How many unique domains were accessed by all workstations?
111

What status code is generated by the HTTP requests to the least accessed domain?
503

Based on the high count of connection attempts, what is the name of the suspicious domain?
frostlings.bigbadstash.thm

What is the source IP of the workstation that accessed the malicious domain?
10.10.185.225

How many requests were made on the malicious domain in total?
1581

Having retrieved the exfiltrated data, what is the hidden flag?
THM{a_gift_for_you_awesome_analyst!}