Ethical hacking with TryHackMe's Capture the Flag series

Capture the Flag!

© Lead Image © Clint Scholz, fotolia.com

© Lead Image © Clint Scholz, fotolia.com

Article from Issue 291/2025
Author(s):

TryHackMe's Capture the Flag puzzles are a useful source for users who want to learn about ethical hacking and penetration testing.

Security-minded users today can look online for a seemingly endless catalog of attacks and defenses. I have found the inimitable TryHackMe website [1] to be an indispensable tool that has allowed me to tailor my ethical hacking learning in a way that is both efficient and enjoyable. In my opinion, the presentation of each learning exercise is second to none, and the volume of content is exceptional.

This article describes one of the Capture the Flag (CTF) exercises on the TryHackMe website. A CTF exercise is a ready-made scenario that allows the user to play the role of an intruder, attacking a system and searching for a way to breach security and gain root access. Each time you solve a CTF puzzle, you capture a "flag" and are awarded points that allow you to assess your progress and compete with other users. As you can probably guess, I chose a CTF exercise based on a Linux machine. Before sitting down to write this article, I contacted TryHackMe and received permission to write about this CTF. The Bounty Hacker CTF described in this article is one of the many free CTFs on the TryHackMe website, so create a free account and try it yourself if you are interested.

On Your Marks

TryHackMe provides lots of free content, but if you pay a few dollars a month, you get faster CTF server startup times and dedicated UI attack machines that run in a browser. However, it is also possible to connect into their networks via a VPN without subscribing.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Attacking SSH

    Sometimes the only way to break into an SSH server is through brute force – and yes, there are tools for that.

    more »
  • Compromising WordPress

    WordPress is an incredibly popular tool for building websites, and don't think the attackers haven't noticed. We'll show you what to watch for.

    more »
  • Reverse Shells

    Firewalls block shell access from outside the network. But what if the shell is launched from the inside?

    more »
  • Enumerating Resources

    A cyberattack unfolds in stages. The enumeration phase is when the attacker looks for holes in the target system. Tools like feroxbuster and ffuf bring the power of automation to the search.

    more »
  • ProxyChains

    If you want to stay anonymous on the web, you don't need the Tor browser or a Tor-based distro like Tails. ProxyChains obscures your presence through proxies – with or without Tor on the back end.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Events Hardware Linux Linux Pro Magazine Mobile Programming Security Software Ubuntu Web Development Windows free software open source