Pyrat room is a beginner-friendly Capture The Flag (CTF) challenge focused on exploiting a vulnerable Python-based web application. The machine hosts a Python interpreter over a raw TCP connection, allowing arbitrary code execution. The challenge involves gaining a reverse shell, enumerating hidden credentials in a Git repository, escalating privileges from a web user to the main user, and finally gaining root access by analyzing an insecure custom RAT (Remote Access Tool). This room teaches skills in enumeration, reverse shell creation, Git credential leaks, and basic privilege escalation.

This room teaches how to bypass PHP disabled functions, commonly used in Web CTFs and real-world restricted environments.

Hack this machine and get the flag. There are lots of hints along the way and is perfect for beginners!

A detailed walkthrough of the Cheese CTF challenge, covering reconnaissance, enumeration, exploitation, and privilege escalation.

Learn the basics

This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

This is a machine that allows you to practise web app hacking and privilege escalation

Practice using tools such as Nmap and GoBuster to locate a hidden directory to get initial access to a vulnerable machine. Then escalate your privileges through a vulnerable cronjob.

Pickle Rick is a fun beginner-level TryHackMe room where you help Rick gain access to a server and find ingredients to turn himself back into a human. It teaches basic Linux enumeration, file permissions, and simple privilege escalation techniques.