NB: No direct flags, try harder! :-)
TryHackMe is a beginner-friendly online platform for learning and teaching cybersecurity that covers a wide range of topics.
It consists of many rooms, which are virtual classrooms dedicated to particular cybersecurity topics, at different difficulty levels.

Room | Tags | Difficulty | Description |
---|---|---|---|
Advent of Cyber | ctf, challenge, advent | Easy | Get started with Cybersecurity in 25 days. Learn the basics by doing a new beginner-friendly security challenge every day leading to Christmas |
Agent Sudo | enumerate, exploit, brute-force, hash cracking | Easy | You found a secret server located under the deep sea. Your task is to hack into the server and reveal the truth |
Anonymous | security, linux, permissions, medium | Medium | Not the hacking group |
Basic Pentesting | security, webapp, boot2root, cracking | Easy | This is a machine that allows you to practice web app hacking and privilege escalation |
Biohazard | cipher, base, stego, root | Medium | A CTF room based on the old time survival game, Resident Evil. Can you survive till the end? |
Blaster | retro, windows, redux, privesc | Easy | A blast from the past |
Blue | windows, eternalblue, ms17-010, cve-2017-0144 | Easy | Deploy and hack into a Windows machine, leveraging common misconfiguration issues |
Bounty hacker | linux, tar, privesc, security | Easy | You talked a big game about being the most elite hacker in the solar system. Prove it and earn your right to the status of bounty hunter |
Break It | bases, cipher, bit shift | Medium | Can you break the code? |
Brooklyn99 | security, nmap, gobuster, pentest | Easy | This room is aimed at beginner level hackers but anyone can try to hack this box |
Brute It | security, bruteforce, hash cracking, privilege escalation | Easy | Learn brute-forcing, hash cracking and privilege escalation in this box |
Bsides Library | security | Easy | Boot2Root CTF for FIT and Bsides Guatemala CTF |
CC: Ghidra | security, re, reverse engineering, ghidra | Easy | A crash course on the reverse engineering tool - Ghidra |
CC: Steganography | security, steg, secret, steganography | Easy | A crash course on the topic of steganography |
CC: Pentesting | security, pentesting, beginner | Easy | A crash course on various topics in penetration testing |
CTF Collection Vol. 1 | capture the flag, stego, crypto, binary | Easy | Sharpening up your CTF skills with the collection. The first volume is designed for beginners |
Chill Hack | security, realworld, commandinjection, sqlinjection | Medium | This room provides real-world pentesting challenges |
Cicada-3301 Volume 1 | security, audio, steganography, cryptography | Medium | A basic steganography and cryptography challenge room based on the Cicada-3301 challenges |
Cod caper | security, pwn, pwntools, reversing | Easy | A guided room taking you through infiltrating and exploiting a Linux system |
Crypto 101 | security, crypto, 101, encryption | Easy | An Introduction to cryptography as part of a series on Crypto |
Dogcat | php, lfi, docker, security | Medium | I made a website where you can look at pictures of dogs and/or cats. Exploit a PHP application via LFI and break out of a Docker container |
Find | linux, terminal, bash | Easy | A learn-by-doing approach to the find command |
Geolocating Images | osint, geolocation | Easy | Room to understand how to geolocate images |
Golden Eye | hydra, email, enumeration, nmap | Medium | Bond, James Bond. A guided CTF |
Hash cracking | hash, hashcat, johntheripper, cracking | Easy | Cracking hashes challenge |
Phishing: Hidden Eye | security, phishing, hidden eye | Easy | A simple guide on how to use a tool known as HiddenEye, developed by ANONUD4Y. This tool helps you create a phishing page for different sites such as Gmail, Snapchat, PayPal and more. The room also covers understanding the difference between a legitimate site and a fake one. |
Hydra | hydra, bruteforce | Easy | Learn about and use hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials |
Ice | windows, nmap, mimikatz, metasploit | Easy | Deploy and hack into a Windows machine, exploiting a very poorly secured media server |
Ignite | ctf, boot2root, privesc, exploit | Easy | A new startup has some issues with their servers |
Injection | security, linux, web, os command injection | Easy | Walkthrough of OS command injection. Demonstrate OS command injection and how to prevent it on your servers |
Intro to Assembly | security, assembly, reverse engineering, radare2 | Easy | This room teaches the basics of x86-64 assembly language |
Intro to Django | security, django, python, web | Easy | How it works and why should I learn it |
Intro to Networking | networking, osi, beginner path, networking tools | Easy | An introduction to basic networking and basic networking tools |
Intro to the Internet of Things | internet of things, iot, netgear, ap | Easy | A beginner-friendly walkthrough for Internet of Things (IoT) pentesting |
Javascript Basics | javascript, web development, beginner, accessible | Easy | Learn JavaScript, the high-level, multi-paradigm language of the web |
Kenobi | samba, path-manipulation, suid, smb | Easy | Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of ProFTPD and elevate your privileges via path variable manipulation |
LFI Basics | security, learning, lfi, basics | Easy | Learn the basics of Local File Inclusion |
LFI Inclusion | web, file inclusion, lfi, sudo | Easy | A beginner-level Local File Inclusion challenge |
Lazy Administrator | security, linux | Medium | Easy Linux machine to practice your skills |
Lian Yu | challenge, gobuster, steganography, privesc | Easy | A beginner level security challenge |
Linux Privilege Escalation | privesc, privilege escalation, linux, linux privilege escalation | Medium | Practice your Linux privilege escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root |
Linux Privilege Escalation arena | security, linux, privesc | Medium | Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open |
Mr. Robot CTF | mrrobot, root, beginner | Medium | Based on the Mr. Robot show, can you root this box? |
Musical Steganography | steganography, audio, qr, morse | Medium | This audio file is hiding some things, are you able to extract enough data to obtain the flag? |
OWASP Juice Shop | owasp, web, juiceshop, burp | Easy | This room uses the OWASP Juice Shop vulnerable application to learn how to identify and exploit common web vulnerabilities |
OWASP Top 10 | owasp, top 10, injection, web, broken authentication | Medium | Learn about and exploit each of the OWASP Top 10 vulnerabilities, the 10 most critical web security risks |
OhSINT | osint, internet, dorks | Easy | Are you able to use Open Source Intelligence to solve this challenge? |
Overpass | owasptop10, easy, cron, web | Easy | What happens when some broke computer science students make a password manager? |
Overpass 2 - Hacked | security, forensics, wireshark, linux | Easy | Overpass has been hacked, can you analyze the attacker's actions and hack back in? |
Physical Security Intro | security, lockpicking, lock-bypass | Easy | This room is an introduction to physical security methods to bypass locks, doors and physical barriers |
Pickle Rick | ctf, dirbuster, linux | Easy | A Rick and Morty CTF. Help turn Rick back into a human! |
Printer 101 | iot, security, cups, pret | Easy | Learn about (and get hands-on with) printer hacking and understand the basics of IPP |
Radare 2 | radare2, assembly, crackme | Easy | An in-depth crash course on Radare2 |
Remux the Tmux | workflow, tmux, tutorial, guide | Easy | Updated guide on how to use tmux. Defaults and customizing your workflow |
Retro | windows, ctf, privesc | Hard | New High Score! |
Reversing elf | reverse engineering, elf, ctf, challenge | Easy | Room for beginner reverse engineering CTF players |
Simple CTF | security, enumeration, privesc | Easy | Beginner level CTF |
Spicy Startup | wireshark, cron, gobuster, enumeration | Easy | Abuse traditional vulnerabilities via untraditional means |
Splunk | blue, primer, splunk, search | Hard | Part of the Blue primer series, learn how to use Splunk to search through massive amounts of information |
Tmux | red, primer, tmux, tutorial | Easy | Learn to use tmux, one of the most powerful multitasking tools on Linux |
Tomghost | tomcat, zip, pgp, cve-2020-1938 | Easy | Identify recent vulnerabilities to try to exploit the system or read files that you should not have access to |
Vulnversity | recon, privesc, webappsec | Easy | Learn about active recon, web app attacks and privilege escalation |
Web App Security 101 | security, webapplication, beginner | Medium | In this room, we will walk you through testing a web application from the perspective of a hacker/penetration tester |
Web Fundamentals | web, http, ctf, beginner | Easy | Learn how the web works |
Web Scanning | security, web, app, scanning | Easy | Learn the basics of automated web scanning |
WiFi Hacking 101 | security, wifi, wireless, wpa2 | Easy | Learn to attack WiFi Protected Access (2) networks |
Wireshark | pcap analysis, forensics, wireshark, threat hunting | Easy | Learn the basics of Wireshark and how to analyze various protocols and PCAPs |
WWBuddy | security, sqli, injection, logging | Medium | Exploit this website still in development and root the room! |
Year of the rabbit | puzzle, web, boot-to-root, challenge | Easy | Time to enter the warren... |
You're in a cave | docker, privesc, rpg, regex | Hard | A room with some CTF elements inspired by text-based RPGs |
c4ptur3th3fl4g | security, youtube, dccybsersec, ctf | Easy | A beginner-level CTF challenge |
githappens | security, git, web | Easy | Boss wanted me to create a prototype, so here it is! We even used something called "version control" that made deploying this really easy! |
Root me | security, web, linux, privilege-escalation | Easy | A CTF for beginners, can you root me? |
Sublist3r | red, primer, sublist3r, recon | Easy | Learn how to find subdomains with sublist3r |