This repository contains my personal TryHackMe writeups, study notes and walkthroughs from the learning paths listed in the TryHackMe Web Application Pentesting.
The purpose of this repository is to document my methodology, commands, observations, mistakes, and final exploitation paths in a way that is useful for revision, portfolio building, and future reference.
Each writeup is based on work completed within an authorised TryHackMe training environment. The rooms and systems covered are intentionally designed for cyber security education and practical experimentation.
Where relevant, the writeups may include IP addresses assigned during a lab session. Testing is performed using the TryHackMe AttackBox or a personal Kali Linux virtual machine connected to the TryHackMe network through OpenVPN.
PLEASE NOTE: This repository may cover both offensive and defensive learning rooms but is for the Web Application Pentesting path. The format of each entry will therefore vary according to the subject. For example, an offensive room may focus on enumeration and exploitation, while a defensive room may focus on alert analysis, investigation, detection logic or remediation.
Important
This repository will NEVER contain material taken from TryHackMe professional certification examinations or other restricted assessments. It will NOT* provide any flags, passwords, cracked credentials or confidential material that will slow the rate of learning.
If you are looking for any assistance, answers, guides, specific walkthroughs you will NOT find any of those here, help/assistance is limited, but available via the TryHackMe Discord.
Depending on the room and learning objective, a writeup may contain:
- Room and module overview;
- Learning objectives;
- Environment and tooling notes;
- Target and attacker IP details where relevant;
- Enumeration and reconnaissance steps;
- Vulnerability analysis;
- Initial access and privilege escalation methodology;
- Defensive investigation or detection steps;
- Commands and selected output;
- Mistakes, troubleshooting and alternative approaches;
- Key findings and lessons learned; and
- Remediation or defensive recommendations.
Sensitive values, credentials, hashes, answers and flags will be removed or replaced with <REDACTED>.
Learning Path: Web Application Pentesting
Every day you interact with web applications. Just reading the information here means you are using a web application! Understanding how to test web applications is a critical skill required by almost every pentester! Even if you want to specialise in testing other systems like networks or cloud, a solid baseline in web application testing will greatly assist you on this journey. This path covers key topics that you need to understand for web application testing, such as:
- Authentication Attacks
- Injection Attacks
- Advanced Server-Side Attacks
- Advanced Client-Side Attacks
- HTTP Request Smuggling
Completing this learning path will allow you to learn and become a great web application penetration tester.
| No. | Section | Challenge | Difficulty | Status |
|---|---|---|---|---|
| 1 | Hammer | Hammer | ||
| 2 | Injectics | Injectics | ||
| 3 | Include | Include | ||
| 4 | Whats Your Name? | Whats Your Name? | ||
| 5 | El Bandito | El Bandito |
The tools used will vary by path and room. The following list is representative rather than exhaustive.
| Reconnaissance and Enumeration | Web and Application Testing | Exploitation and Access | Post-Exploitation and Active Directory |
|---|---|---|---|
| Nmap | Burp Suite | Metasploit Framework | BloodHound |
| RustScan | OWASP ZAP | Netcat | NetExec |
| Gobuster | ffuf | Evil-WinRM | Impacket |
| Feroxbuster | CeWL | Penelope | Responder |
| dig | SQLmap | Hydra | PowerShell |
| Sstimap | Phpggc |
| Passwords and Hashes | Tunnelling and Pivoting | Privilege Escalation | Defensive and Analytical Tools |
|---|---|---|---|
| John the Ripper | Chisel | PEASS-ng | Wireshark |
| Hashcat | sshuttle | pspy | tcpdump |
| Hydra | Rpivot | GTFOBins | CyberChef |
| CUPP | HackTricks |
My general workflow is:
- Review the room objectives and identify any prerequisite knowledge.
- Prepare the lab environment and record the relevant connection details.
- Complete the room using an evidence-led and repeatable process.
- Record commands, observations, failed approaches and important output.
- Redact flags, answers, credentials, hashes and other restricted material.
- Explain why each successful technique worked rather than listing commands without context.
- Record lessons learned and link the activity to wider cyber security practice.
- Add defensive recommendations or remediation notes where appropriate.
- Review the finished writeup for accuracy, clarity and compliance with TryHackMe rules.
These notes may contain spoilers, command output, vulnerability details and complete attack or investigation paths. Anyone actively completing a room should attempt it independently before reading the associated writeup.
This repository will not intentionally publish:
- TryHackMe flags or answer strings;
- passwords or cracked credentials;
- reusable session tokens;
- private keys or sensitive certificates;
- certification examination content;
- copied room instructions or substantial portions of TryHackMe material; or
- material that TryHackMe or a room author has asked learners not to share.
Where a value is necessary to explain the methodology, it will be represented using a placeholder such as <TARGET_IP>, <USERNAME>, <EMAIL_ADDRESS>, <SESSION_VALUE_REDACTED>, or <REDACTED>.
If restricted or sensitive information is included accidentally, please report it through the repository's GitHub Discussions or Issues area so it can be reviewed and removed.
These writeups are for educational purposes only and are based on authorised TryHackMe lab environments.
All tools, commands, techniques, and methodologies referenced in these writeups were used within controlled training environments where permission was provided by the owner and/or operator of the lab platform. The systems discussed are intentionally vulnerable machines designed for cybersecurity learning, practice, and assessment.
Do not use these techniques, tools, or methods against systems, networks, applications, or services that you do not own or do not have explicit written permission to test. Unauthorised access, scanning, exploitation, or disruption of systems is illegal and unethical.
The tools and methods listed in this repository are examples of approaches used during specific rooms or learning exercises. They are not the only possible solutions, and other tools, techniques, or workflows may be used depending on the target environment, room design, and individual methodology.
TryHackMe periodically updates, replaces or retires rooms and learning paths. Links, room sequences and path content may therefore change after a writeup is published.
Each writeup should be treated as a record of the room as it appeared on the date documented. Where a material change is identified, the relevant page may be updated or marked as archived.
If you notice a broken link, outdated instruction, formatting problem, technical error or any other noticeable issue within a writeup, please report it through the repository's Issues tab. When raising an issue, include the name of the affected writeup, a brief description of the problem and, where possible, the relevant section or line.
Constructive corrections are welcome and help keep the repository accurate, useful and maintainable.
Thanks for checking out my TryHackMe writeups. These notes form part of my ongoing cybersecurity learning journey, where I document rooms, techniques, tools, mistakes and lessons learned while working through different challenges.
You can view my TryHackMe profile here:
I am also active within cybersecurity learning communities, including Discord, where I discuss labs, tools, methodologies and general security topics with other learners and practitioners.
Feel free to follow my progress, compare approaches or get in touch if you are working through similar rooms.
Walkthrough requests are always welcome, although publication will depend on my availability and whether sharing the content complies with the platform's rules.
Created by V4L1K4HN as part of my cybersecurity learning journey through TryHackMe.
Unless otherwise stated, the original written content in this repository is licensed under the Creative Commons Attribution 4.0 International License.
Copyright © 2026 V4L1K4HN.
You may share and adapt the licensed material for any purpose, including commercially, provided that:
- appropriate credit is given to V4L1K4HN;
- a link to the license is provided; and
- any changes made to the original material are clearly indicated.
This license applies only to original material created by the repository author. TryHackMe content, branding, room materials, third-party software, trademarks, externally sourced material, and any other third-party intellectual property remain subject to their respective owners' terms and licenses.
See the LICENSE file for the complete legal terms.
Powered on ☕ made with ❤️ by V4L1K4HN
⭐ If this project is useful, consider starring it on GitHub.

