This repository contains walkthroughs for various rooms on TryHackMe, a platform for learning and practicing cybersecurity skills through hands-on virtual environments. Each directory corresponds to a specific room and includes a detailed walkthrough guide, along with any necessary files or resources. Purpose of creating this for self learning and helping others.
| Room Name | Difficulty | Type | Description | Room Type |
|---|---|---|---|---|
| 0x41haz | Easy | Linux | Simple Reversing Challenge | Reverse Engerniering |
| Agent Sudo | Easy | Linux | You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth | CTF CVE-2019-14287 |
| Annie | Medium | Linux | Remote access comes in different flavors | AnyDesk 5.5.2 – Remote Code Execution CVE-2020-13160 |
| Anonforce | Easy | Linux | boot2root machine for FIT and bsides guatemala CTF | CTF |
| Archangel | Easy | Linux | Boot2root, Web exploitation, Privilege escalation, LFI | CTF |
| Basic-Pentesting | Easy | Linux | This is a machine that allows you to practise web app hacking and privilege escalation | Beginner Level CTF |
| Battery | Medium | Linux | CTF designed by CTF lover for CTF lovers | Re-Registration Attack XML External Entity Sudo Abuse |
| Biteme | Medium | Linux | Stay out of my server! | CTF |
| Blue | Easy | Windows | Windows Exploitation Basics - Easy | MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
| Blueprint | Easy | Windows | Hack into this Windows machine and escalate your privileges to Administrator. | osCommerce 2.3.4.1 - Remote Code Execution ----------->re doing deleted. it Lab |
| Bounty Hacker | Easy | Linux | You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker! | Beginner Level CTF |
| Break Out The Cage | Easy | Linux | Help Cage bring back his acting career and investigate the nefarious goings on of his agent! | CTF |
| Brooklyn-Nine-Nine | Easy | Linux | This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box | Beginner Level CTF |
| Bugged | Easy | Linux | John likes to live in a very Internet connected world. Maybe too connected... | IoT Device hacking |
| C4ptur3-th3-fl4g | Easy | Linux | A beginner level CTF challenge | Decoding Messages Spectrograms Steganography Security through obscurity |
| CMesS | Medium | Linux | Can you root this Gila CMS box? | Gila CMS 1.10.9 |
| CTF collection Vol.2 | Medium | Linux | Sharpening up your CTF skill with the collection. The second volume is about web-based CTF. | CTF Cryptography |
| Capture! | Easy | Web | Can you bypass the login form? | Authentication vulnerability |
| Careers in Cyber | Info | None | Learn about the different careers in cyber security | Guide |
| Cheese CTF | Easy | Linux | Inspired by the great cheese talk of THM! | CTF LFI RCE SUID |
| Chocolate_Factory | Easy | Linux | A Charlie And The Chocolate Factory themed room, revisit Willy Wonka's chocolate factory! | Beginner Level CTF |
| Cicada-3301 Vol:1 | Medium | Linux | A basic steganography and cryptography challenge room based on the Cicada 3301 challenges | Cryptography |
| Corridor | Easy | Web | Can you escape the Corridor? | IDOR |
| Crack the Hash Level 1 | Easy | any | Cracking hashes challenges | Cryptography |
| Crack The Hash Level 2 | Medium | Any | Advanced cracking hashes challenges and wordlist generation | Cryptography |
| Dogcat | Medium | Linux | I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container. | CTF Web |
| FFuF | Easy | Linux | Enumeration, fuzzing, and directory brute forcing using ffuf | Tool Guide |
| Hacker v/s Hacker | Easy | Linux | Someone has compromised this server already! Can you get in and evade their countermeasures? | LFI |
| HaskHell | Medium | Linux | Teach your CS professor that his PhD isn't in security. | Python |
| Hydra | Easy | Linux | Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials | Tool Guide |
| Ice | Easy | Windows | Deploy & hack into a Windows machine, exploiting a very poorly secured media server | Buffer overflow in Icecast 2.0.1 allows remote attackers to execute arbitrary code via an HTTP request CVE-2004-1561 |
| Ignite | Easy | Linux | A new start-up has a few issues with their web server | vulnerable CMS service |
| kenobi | Easy | Linux | Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation. | ProFtpd SUID |
| Kiba | Easy | Linux | Identify the critical security flaw in the data visualization dashboard, that allows execute remote code execution. | CVE-2019-7609 |
| Looking Glass | Linux | Medium | Step through the looking glass. A sequel to the Wonderland challenge room. | CTF |
| Madness | Easy | Linux | Will you be consumed by Madness? | CTF Steganography setuid |
| Metamorphosis | Medium | Linux | Part of Incognito CTF | CTF rsync SQL |
| Mindgames | Medium | Linux | Just a terrible idea... | Python C |
| Mr Robot CTF | Medium | Linux | Based on the Mr. Robot show, can you root this box? | CTF |
| Nax | Medium | Linux | Identify the critical security flaw in the most powerful and trusted network monitoring software on the market, that allows an user authenticated execute remote code execution. | CVE-2019-15949 Metasploit |
| Oh My WebServer | Medium | Linux | Can you root me? | CVE-2021-41773 |
| Pickle Rick | Easy | Linux | A Rick and Morty CTF. Help turn Rick back into a human! | CTF Web Cmd |
| Psyco Break | Easy | Linux | Help Sebastian and his team of investigators to withstand the dangers that come ahead. | CTF |
| Publisher | Easy | Linux | Test your enumeration skills on this boot-to-root machine | CTF CVE-2023-27372 |
| Simple CTF | Easy | Linux | Beginner level ctf | CVE-2019-9053 Vim |
| Startup | Easy | Linux | Abuse traditional vulnerabilities via untraditional means. | CTF |
| The Great Escape | Medium | Linux | Our devs have created an awesome new site. Can you break out of the sandbox? | API Docker |
| The London Bridge | Medium | Linux | The London Bridge is falling down | SSRF CVE-2018-18955 |
| The Marketplace | Medium | Linux | Can you take over The Marketplace's infrastructure? | XSS SQL Docker |
| The Server From Hell | Medium | Linux | Face a server that feels as if it was configured and deployed by Satan himself. Can you escalate to root? | CTF |
| Tomghost | Easy | Linux | Identify recent vulnerabilities to try exploit the system or read files that you should not have access to. | CVE-2020–1938 |
| Toolbox: Vim | Easy | Lin/Win | Learn vim, a universal text editor that can be incredibly powerful when used properly. From basic text editing to editing of binary files, Vim can be an important arsenal in a security toolkit. | Text Editor |
| UltraTech | Medium | Linux | The basics of Penetration Testing, Enumeration, Privilege Escalation and WebApp testing | CTF |
| W1seGuy | Easy | Linux | A w1se guy 0nce said, the answer is usually as plain as day. | Cryptographic |
| Watcher | Medium | Linux | A boot2root Linux machine utilising web exploits along with some common privilege escalation techniques | LFI Cronjob |
| Web Application Security | Easy | Web | Learn about web applications and explore some of their common security issues. | Info |
| Wekor | Medium | Linux | CTF challenge involving Sqli , WordPress , vhost enumeration and recognizing internal services ;) | SQL WordPress Eeverse engineering |
| Welcome | Easy | Linux | Learn how to use a TryHackMe room to start your upskilling in cyber security. | Info |
| Wgel CTF | Easy | Linux | Can you exfiltrate the root flag? | CTF |
| Whiterose | Easy | Linux | Yet another Mr. Robot themed challenge. | EJS SSTI |
| Wonderland | Medium | Linux | Fall down the rabbit hole and enter wonderland | Python |
| Year of the Dog | Hard | Linux | Always so polite... | Sqli Gitea |
| Year-of-the-Owl | Hard | Windows | The foolish owl sits on his throne... | CTF |
| Zeno | Medium | Linux | Do you have the same patience as the great stoic philosopher Zeno? Try it out! | Restaurant Management System 1.0 - Remote Code Execution |
In addition to the walkthroughs, this repository may also include other relevant files or resources associated with each room, such as exploit scripts, log files, or nmap scans. These files can be found within the respective directories.
Sometime im too lazy to make a complete walkthorugh so please ignore that..
Please note that the walkthroughs provided here are for educational purposes only and should not be used for any malicious activities. Always adhere to ethical hacking practices and respect the terms and conditions of the TryHackMe platform.
Feel free to explore the walkthroughs and learn more about the different challenges and techniques covered in each room.
If you would like to contribute to this repository by adding your own walkthroughs or improving existing ones, please follow the standard GitHub workflow: Fork the repository, make your changes, and submit a pull request. Your contributions are greatly appreciated! Happy hacking!