How to Get Started with Try Hack Me
Let's get a detailed walkthrough of how to get started with Try Hack Me including how to make an account, what are the features on this platform, and how one can proceed.
Try hack me is positioned as a penetration testing training service and they seem to be aimed towards the beginner-intermediate level. They do a great job in teaching all the foundational skills before getting into the more hacking side which they just do a fantastic job. Try hack me offer several learning paths which you can use to build your skills in certain areas.
How to create an account on Try Hack Me:
Follow the link below to make an account on Try Hack Me if you are a new user on this platform.
Login to Try Hack Me by clicking on the login tab in the upper right corner of the page. After logging in you will get a page like below.
Various features inside Try Hack Me:
There is a “Learn” tab where all of the different learning paths are specified. You can proceed with any area you want to learn about.
To start with, there is a complete beginner path that will teach you everything you need to know from Linux foundation to web application security, network security and just really get you comfortable with learning all the beginner skills that you'll need before proceeding into more advanced sort of activities.
You then have the toolset for both offensive or defensive (red team and blue team) activities. In the red team, you will have your typical Nmap, Burp Suite, Metasploit, etc.
and in the blue team, you'll have things like networking, Splunk, etc.
The web foundations path will teach you everything you need to know for web application pen-testing. This includes the major vulnerabilities, toolsets and gives you some areas where you can practice finding all these vulnerabilities yourself.
Then they have the offensive path now the offensive path is great for those who are motivated to do the OSCP. This will be a great primer as it will teach you all the basics you'll need to know and take you through the exploitation process, enumeration process, and privileged escalation process. It will also throw in things like active directory and go into detail about buffer overflow attacks.
There is another path named CompTIA Pentest+ which follows the same process as the offensive path but has more subject matter tailored towards that course. They also have a practice exam for those who want to follow through and take the CompTIA Pentest+ exam.
How One can Proceed:
Inside all of these learning paths, you have these things called rooms and these are basically a group of activities.
Now what you see here is one of the rooms for web fundamentals where you carry out activities to fully compromise the server. Try Hack Me may do this in a way where it will guide you through the process and ask you questions and you have to find that and submit it. It will guide you through the exploitation process. This is great for beginners as it really gets them learning by doing instead of just throwing you completely in the deep.
You can also see writeups for these rooms from the writeup tab as shown below:
You can start the machine by clicking the start machine button (sometimes written as a decoy machine).
You can start the machine either by clicking the “Start AttackBox” button.
How to Connect Using OpenVPN:
To access these machines, you need to be connected to the network of Try Hack me. You do this by using a VPN (similar to how you would connect to a work or school computer from home). Firstly, go to the access page and download your VPN configuration file.
After that follow the steps shown below:
The path to configuration files should be Downloaded “by default”.
You can open a new terminal tab or window and start attacking the boxes. Please note that you will need to keep this terminal window open to keep the OpenVPN process running. After that, you can follow the writeups for any room to complete the tasks given.
Similarly, you can join other rooms and follow steps from writeups and learn the stuff.
Lastly, you gain points with each machine that you compromise or activity that you complete. This gives you experience points and you level up and you enter the ranking boards.