Want To Be a Hacker? Getting Started with Ethical Hacking (TryHackMe Journey)
Source: Dev.to
Are you looking for an intro to the world of CyberSecurity?
Do you want to become an ethical hacker? I get it – I was there years ago.
The cybersecurity world can look intimidating from the outside: endless tools, technical jargon, and complicated concepts. The truth is, you can start learning today, right now, without any prior experience.
Let me show you how TryHackMe makes this possible.
Why TryHackMe? — Learn by Actually Doing It
There’s a painful fact in this field: most beginners fail because they read too much and practice too little.
- Forget boring textbooks and endless theory.
- TryHackMe teaches you by letting you hack into real systems (legally, of course) in a safe environment. Think of it as a flight‑simulator for hackers – you get real experience without any real‑world consequences.
The best part? You learn the exact same techniques that real hackers use. When you hear about big companies getting hacked on the news, TryHackMe often has challenges that let you recreate those exact attacks.
Think of it as a hacking gym for beginners. No damage. No risk. Just learning.
What Are CTF Challenges?
CTF = “Capture the Flag.” It’s basically a hacking puzzle where you break into a system and find hidden “flags” (special text strings) to prove you completed the challenge – like a paintball game, but digital.
Don’t worry; you don’t need to be an expert to start. CTFs are designed to teach you as you go. Here’s what you’ll learn:
| Skill | What you’ll do |
|---|---|
| Network Scanning | Find what services are running on a target system |
| Web Hacking | Exploit websites and web applications |
| Linux Skills | Master the command line (super important for hackers) |
| Problem‑Solving | Think like an attacker to discover weaknesses |
Your Learning Path: Start Here
1. Create Your Free Account
TryHackMe has tons of free content – over 500 free rooms (that’s what they call challenges) you can complete without paying anything.
Recommended paths for beginners
| Path | Who it’s for |
|---|---|
| Pre‑Security Path | Completely new to security |
| Penetration Tester Path | Want to learn offensive security |
| SOC Level 1 Path | Want to work as a security analyst |
2. Understanding the Interface
When you open a TryHackMe room you’ll see:
- Questions to answer
- A virtual machine you can deploy
- Instructions and hints
- A terminal right in your browser
3. Connect to the VPN
To hack the machines you need to connect to TryHackMe’s network using OpenVPN.
New feature: TryHackMe now offers AttackBox, a full OS that runs in a browser tab, removing the need for a local OpenVPN client. Feel free to use whichever method you prefer.
Let’s Hack Something: Your First Challenge
I’ll walk you through a beginner‑friendly CTF called “Bounty Hacker.” Follow each step to see exactly how it works.
Step 1 – Deploy the Machine and Scan It
- Click “Start Machine.” You’ll receive an IP address, e.g.,
10.81.174.194. - Scan the target with nmap to discover open ports and services:
nmap -sV 10.81.174.194
What this does
| Flag | Meaning |
|---|---|
nmap | Scanning tool |
-sV | Detect service versions |
IP | Target address |
Step 2 – Check Open Ports
You’ll likely see port 22 (SSH) open. Your real journey starts here. Each room has its own flag; for example, you might find SSH credentials that let you log in as a regular user. Your goal (the flag) is to become root – i.e., obtain the system‑admin password.
How to get that information
- Read the room’s instructions carefully – clues are often hidden in the description.
- Use the open ports to your advantage. In one room I:
- Connected via SSH.
- Ran another nmap scan and discovered FTP (port 21) was open.
- Connected to FTP using the default password (a common real‑world mistake).
- Found a text file containing usernames.
- Used Hydra to brute‑force the SSH password for the admin account, captured the flag, and escalated to root.
Pro Tips from Someone Who’s Been There
It’s Okay to Get Stuck
I’ll be honest: you will get stuck. A lot. That’s completely normal. When it happens:
- Read the hints on TryHackMe.
- Search for write‑ups (walkthroughs) online.
- Ask in the TryHackMe Discord or community forums.
Important: Don’t just copy answers. Read the walkthrough, understand why a command works, then try it yourself.
Earn the Concept – That’s How You Grow
When I get stuck anywhere in my IT learning process, I always leave my seat and go somewhere else—like another room—then relax and think about the problem from the start again. I get the answer every time I use this simple trick. Believe me! 😉
Keep Track of Your Progress
TryHackMe has a cool leveling system. You start as a “Neophyte” and work your way up to “Titan” and beyond. It’s gamified to keep you motivated.
Take Notes
Start a hacking journal. When you learn a new technique, write it down:
# Example entry
Date: 2024-04-15
Topic: SQL Injection
Technique: Use UNION SELECT to enumerate columns
Payload: ' UNION SELECT null, username, password FROM users --
Notes: Always test on a copy of the database first.Nmap Scanning
Basic scan
nmap -sVFull scan
nmap -sC -sV -p-UDP scan
nmap -sUWhen to use: Run a scan first to discover which services are running on the target.
From Hobby to Career: SOC Analyst
If you want to turn this into a career, the SOC Level 1 path is your golden ticket. A SOC (Security Operations Center) Analyst is basically a digital security guard who:
- Monitors network traffic for threats
- Investigates security alerts
- Responds to incidents
- Creates reports
The job market is HOT right now. Companies are desperate for SOC Analysts because there aren’t enough skilled people. After completing the SOC Level 1 path, you’ll know how to:
- Analyze network traffic
- Use SIEM tools (security monitoring platforms)
- Perform digital forensics
- Conduct phishing analysis
Prove these skills to an employer and you’ll be a top candidate.
What You Need to Get Started
Hardware
- A computer (doesn’t need to be fancy)
- An Internet connection
Software
- TryHackMe account (free)
- OpenVPN (free)
- Optional: Kali Linux VM for practice (free)
Money
- Start with free content.
- Premium is $13 / month if you want access to everything.
- You don’t need a premium subscription in the first three months.
Final Thoughts
Cybersecurity can look scary and complicated, but the best way to learn is to just start.
- You don’t need a computer‑science degree.
- You don’t need to know everything about networking.
- Curiosity and persistence are enough.
I know people who didn’t even know what DNS, NAT, TCP, or UDP were, yet they began experimenting, did projects (even silly ones), and learned those concepts along the way. Avoid “tutorial hell”; build things and learn by doing.
- Create a free TryHackMe account.
- Open your terminal.
- Run your first Nmap scan.
The cybersecurity community needs fresh perspectives, diverse backgrounds, and new ways of thinking. That could be you.
Ready to start? Head over to TryHackMe and create your free account. See you in the challenges!