TryHackMe is an online platform for learning and teaching cybersecurity, which is beginner-friendly and versatile in different topics.
It consists of tons of rooms, which are virtual classrooms dedicated to particular cybersecurity topics, with different difficulties.
| Room | Tags | Difficulty | Description |
|---|---|---|---|
| Advent of Cyber | ctf, challenge, advent | Easy | Get started with Cybersecurity in 25 days. Learn the basics by doing a new beginner friendly security challenge everyday leading to Christmas |
| Agent Sudo | enumerate. exploit, brute-force, hash cracking | Easy | You found a secret server located under the deep sea. Your task is to hack into the server and reveal the truth |
| Basic Pentesting | security, webapp, boot2root, cracking | Easy | This is a machine that allows you to practice web app hacking and privilege escalation |
| Blaster | retro, windows, redux, privesc | Easy | A blast from the past |
| Blue | windows, eternalblue, ms17-010, cve-2017-0144 | Easy | Deploy and hack into a Windows machine, leveraging common misconfiguration issues |
| Bounty hacker | linux, tar, privesc, security | Easy | A talked a big game about being the most elite hacker in the solar system. Prove it and earn your right to the status of bounty hunter |
| Brooklyn99 | security, nmap, gobuster, pentest | Easy | This room is aimed at beginner level hackers but anyone can try to hack this box |
| Brute It | security, bruteforce, hash cracking, privilege escalation | Easy | Learn how to brute, hash cracking and privilege escalation in this box |
| CC: Steganography | security, steg, secret, steganography | Easy | A crash course on the topic of steganography |
| CC: Pentesting | security, pentesting, beginner | Easy | A crash course on various topics in penetration testing |
| CTF Collection Vol. 1 | capture the flag, stego, crypto, binary | Easy | Sharpening up your CTF skills with the collection. The first volume is designed for beginners |
| Cod caper | security, pwn, pwntools, reversing | Easy | A guided room taking you through infiltrating and exploiting a Linux system |
| Crypto 101 | security, crypto, 101, encryption | Easy | An Introduction to cryptography as part of a series on Crypto |
| Golden Eye | hydra, email, enumeration, nmap | Medium | Bond, James Bond. A guided CTF |
| Hash cracking | hash, hashcat, johntheripper, cracking | Easy | Cracking hashes challenge |
| Hydra | hydra, bruteforce | Easy | Learn about and use hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials |
| Ice | windows, nmap, mimikatz, metasploit | Easy | Deploy and hack into a Windows machine, exploiting a very poorly secured media server |
| Ignite | ctf, boot2root, privesc, exploit | Easy | A new startup has some issues with their servers |
| Injection | security, linux, web, os command injection | Easy | Walkthrough of OS command injection. Demonstrate OS command injection and how to prevent it on your servers |
| Intro to Assembly | security, assembly, reverse engineering, radare2 | Easy | This room teaches the basics of x86-64 assembly language |
| Intro to Django | security, django, python, web | Easy | How it works and why should I learn it |
| Intro to Networking | networking, osi, beginner path, networking tools | Easy | An introduction to basic networking and basic networking tools |
| Intro to the Internet of Things | internet of things, iot, netgear, ap | Easy | A beginner friendly walkthrough for Internet of Things(IoT) pentesting |
| Javascript Basics | javascript, web development, beginner, accessible | Easy | Learn Javascript, the high level, multi-paradigm language of the web |
| LFI Basics | security, learning, lfi, basics | Easy | Learn the basics of Local File Inclusion |
| LFI Inclusion | web, file inclusion, lfi, sudo | Easy | A beginner level Local File inclusion challenge |
| Lazy Administrator | security, linux | Medium | Easy linux machine to practice your skills |
| Linux Privilege Escalation | privesc, privilege escalation, linux, linux privilege escalation | Medium | Practice your Linux Privilege escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root |
| Linux Privilege Escalation arena | security, linux, privesc | Medium | Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open |
| Mr. Robot CTF | mrrobot, root, beginner | Medium | Based on the Mr. Robot show, can you root this box? |
| Musical Steganography | steganography, audio, qr, morse | Medium | This audio file is hiding some things, are you able to extract enough data to obtain the flag? |
| OWASP Juice Shop | owasp, web, juiceshop, burp | Easy | This room uses the OWASP Juice Shop vulnerable application to learn how to identify and exploit common web vulnerabilities |
| OWASP Top 10 | owasp, top 10, injection, web, broken authentication | Medium | Learn about and exploit each of the OWASP Top 10 vulnerabilities, the 10 most critical web security risks |
| OhSINT | osint, internet, dorks | Easy | Are you able to use Open Source Intelligence to solve this challenge? |
| CC: Radare 2 | radare2, assembly, crackme | Easy | An in-depth crash course on Radare2 |
| Simple CTF | security, enumeration, privesc | Easy | Beginner level CTF |
| Tomghost | tomcat, zip, pgp, cve-2020-1938 | Easy | Identify recent vulnerabilities to try exploit the system or read files that you should not have access to |
| Vulnversity | recon, privesc, webappsec | Easy | Learn about active recon, web app attacks and privilege escalation |
| Web Fundamentals | web, http, ctf, beginner | Easy | Learn how the web works |
| Web Scanning | security, web, app, scanning | Easy | Learn the basics of automated web scanning |
| WiFi Hacking 101 | security, wifi, wireless, wpa2 | Easy | Learn to attack WiFi Protected Access(2) networks |
| Wireshark | pcap analysis, forensics, wireshark, threat hunting | Easy | Learn the basics of Wireshark and how to analyze various protocols and PCAPs |
| Root me | security, web, linux, privilege-escalation | Easy | A CTF for beginners, can you root me? |