Come join our Discord server for support or further discussions
Writeups should have a link to TryHackMe and not include any passwords/cracked hashes/flags
Use the web-based machine to attack other target machines you deploy on TryHackMe.
(Use this for your reverse shells)
Complete the room to earn this badge
You've completed the room!
Your machine is going to expire soon. Close this and add an hour to stop it from terminating!
Your machine has expired and terminated.
Now you've deployed your machine, to access it you need to either
Download your VPN configuration file and import it into a OpenVPN client
Control a web-based machine with everything you need, all from inside your browser
Some tasks will have you learning by doing, often through hacking a virtual machine. However, to access these machines you need to either:
nmap MACHINE_IP -Pn -v
ping MACHINE_IP. If its responds, its reachable and you're not accessing it in the intended way.
Not all machines will have SSH enabled.
You shouldn't be trying to SSH / RDP / Access a webserver unless you've been told specifically to do so, or have scanned the machine first to check that the service is running.
Not all machines you deploy will have a web server running. Why not scan the machine with nmap to see if there is one running on another port.
Use the following nmap command:
nmap -v MACHINE_IP - If there is a webserver running on another port, go to http://MACHINE_IP:PORT
If you are on a machine, the chances are it won't have internet access.
To put a file onto your remote machine, you can:
scp YOUR_FILE [email protected]:/DIRECTORY
python3 -m http.server 1234where your files are hosted, then on the remote machine go to http://MACHINE_IP:1234 and download it.
Not every room has the in-browser functionality. Its up to the room creator to add this capability.
If you are not sure where to start, check out:
Completing rooms gets you a certain number of points. A breakdown of how questions are scored as as follow:
|1st to answer||80 points|
|After first||30 points|
If the room type is a walkthrough room, you only get 25% of those points added to your account score. Challenge room’s receive 100% if the room has been released during this month.All points you get are added to your ‘All-time’ score, however not all points are added to your ‘Monthly’ score (which is reset to 0 on the last day of the month 23:59 GMT). You only get 100% of a room's monthly points if a room has been released during that month; you get 25% of challenge room points if its not released in this month. This stops new users being able obtain large amounts of points as they have more rooms to solve than older users - by monthly points only being awarded if a room is released this month, everyone has a fair chance to be number 1 on the ‘Monthly’ leaderboard and everyone has an equal chance to be number 1 on the ‘All-time’ leaderboard.
To access target machines you deploy you need to either:
sudo apt install openvpn
sudo openvpn /path/to/file.ovpn
ps aux | grep openvpn- are there 2 VPN sessions running?)
Use your own web-based linux machine to access machines on TryHackMe
To deploy your AttackBox in the room, click the Start AttackBox button. Your private machine will take 2 minutes to start.
You can also use the dedicated My-Machine page to deploy and access your machine. From here you can also deploy:
Free users get 1 free AttackBox deploy hour. Subscribed users get more powerful machines with unlimited deploys.