Hacking your first machine is a milestone for anyone interested in cybersecurity. You may have watched countless tutorials and read many articles. But hacking a machine and taking control of it is a wonderful and important experience for any aspiring cybersecurity professional.
Well, I’m here to give you that experience – for free.
I’ve created a hands-on lab with TryHackMe (THM). TryHackMe is an online platform that offers virtual labs for learning cybersecurity.
THM reduces complex virtual machine setups to help you practise your skills. Using THM, you can use machines right from your browser.
It’s a safe space to practice your skills. You’ll need to sign up for a free account to work with this lab, but you don’t have to buy a premium plan.
First, I’ll give you an intro to the platform. You can then visit the lab and hack your first machine. Here’s the Lab URL: https://tryhackme.com/jr/SS_HYFM
How to Work with TryHackMe
To practise hacking, you need a target and an attack machine. THM works by creating isolated labs, also called “rooms”. Every room has its own target and attack machines.
Each room is split into multiple tasks. You must finish a task and answer some questions to pass the task. Once you finish all the tasks, you pass the room.
To start the target machine, click on the green “Start machine” button. Once you start, give it a few minutes to display its IP address.
Most targets will not have a GUI. You will only be interacting with it using an IP address.
Now you need an attack machine. THM offers a Kali virtual machine to use as the attacking machine. Kali is a Linux version with all the tools you need pre-installed in it. So no extra setups or installations are needed.
You can find the “Start Attackbox” button on the top left. It will open the attacking machine by splitting your screen.
Lab Tasks
The lab is split into five tasks:
1. Platform overview
This task gives you an introduction to how the platform works, similar to the above section. Once you start both the virtual machines, you can test the connection by pinging the target from the attackbox.
2. Linux 101
We have added a task on basic Linux commands. Even if you are an experienced Linux user, it can help brush up your skills. Here are the commands you will be working with.
whoami — tells you the username of the currently logged-in user.
pwd — Shows the full path of the current directory. It helps you track your current location in the system.
clear — clears the screen
ls — Lists files and directories in the current folder.
cat — Displays the contents of a file. It can also help create new files. cat [filename] will display a file’s contents. Using the > operator, cat > [filename] will create a new file.
rm — Deletes files or directories. Useful for cleaning up traces of activities, such as removing logs.
3. Scanning with Nmap
Nmap (short for Network Mapper) is a free, open-source tool used for port scanning. It can scan for open ports, identify services, and even detect the target’s operating system.
Nmap will help you scan the target using its IP address. The information from Nmap will help you find entry points of getting into the target.
4. Brute-forcing with Hydra
Once you find an entry point, you can use a brute-force tool to find the password. In this target, there will be an open SSH port. SSH is a protocol that helps login to a server remotely.
You’ll use Hydra along with a list of passwords to hack your way into the target server. Once you find the password, you can login to the target using SSH. Here is the syntax for using SSH to login to a server.
ssh username@ip_address
It will then prompt for the password. Once you login to the target, you can find a text file called flag2.txt. The contents of this file will be the answer to the final question in the lab.
5. Wrapping Up
The final task will ask for your feedback about this lab. Let us know your thoughts and we will make this lab better for the next person.
Let’s Go
Go to TryHackMe and sign up for an account. Once you are done, click here to go to the lab.
Happy hacking!
For more articles on Cybersecurity, join our free newsletter Stealth Security. To learn ethical hacking tools using hands-on labs, check out our private community The Hacker’s Hub.