DEV Community

Cover image for Want To Be a Hacker? Getting Started with Ethical Hacking (TryHackMe Journey)
Payam Hoseini
Payam Hoseini

Posted on

Want To Be a Hacker? Getting Started with Ethical Hacking (TryHackMe Journey)

#hack #security #tutorial #ceh

Are you looking for an intro to world of CyberSecurity?
You want to become an ethical hacker? I get it.Like me, years ago.
The cybersecurity world looks intimidating from the outside, all those technical terms, endless tools, and complicated concepts. But here's the truth: you can start learning today, right now, without any prior experience.

Let me show you how TryHackMe makes this possible.

Why TryHackMe? Learn by Actually Doing It

There is a painful fact in this field, Most beginners fail because they read too much and practice too little.
Forget boring textbooks and endless theory. TryHackMe teaches you by letting you hack into real systems (legally, of course) in a safe environment. Think of it like a flight simulator for hackers, you get real experience without any real-world consequences.

The best part? You learn the exact same techniques that real hackers use. When you hear about big companies getting hacked on the news, TryHackMe often has challenges that let you recreate those exact attacks. That's powerful learning. Think of it like A hacking gym for beginners.No damage. No risk. Just learning.

What Are CTF Challenges?

CTF stands for "Capture the Flag." It's basically a hacking puzzle where you break into a system and find hidden "flags" (special text strings) to prove you completed the challenge, like Paintball game if you played ;)

Don't worry, you don't need to be an expert to start. CTFs are designed to teach you as you go. Here's what you'll learn:

  • Network Scanning: Finding what services are running on a target system
  • Web Hacking: Breaking into websites and web applications
  • Linux Skills: Mastering the command line (super important for hackers)
  • Problem-Solving: Thinking like an attacker to find weaknesses

Your Learning Path: Start Here

1. Create Your Free Account

TryHackMe has tons of free content. Seriously, over 500 free rooms (that's what they call challenges) that you can complete without paying anything.

Recommended paths for beginners:

  • Pre-Security Path: Start here if you're completely new
  • Penetration Tester Path: For learning offensive security
  • SOC Level 1 Path: If you want to work as a security analyst

2. Understanding the Interface

When you open a TryHackMe room, you'll see:

  • Questions to answer
  • A virtual machine you can deploy
  • Instructions and hints
  • A terminal right in your browser

Payamdev - TryHackMe Rooms

3. Connect to the VPN

To hack the machines, you need to connect to TryHackMe's network using OpenVPN.

Payamdev - OpenVPN Connected Tryhackme

TryHackMe recently focus on their new feature which is AttackBox which runs a complete OS in a Pip view in browser to make it easier for you and get rid of connectiong via OpenVPN. you can also use that feature.

Let's Hack Something: Your First Challenge

Let me walk you through a beginner-friendly CTF called "Bounty Hacker" so you can see exactly what this looks like.

Step 1: Deploy the Machine and Scan It

First, you click "Start Machine" on TryHackMe. It gives you an IP address, let's say 10.81.174.194.

Now you scan it with Nmap to see what ports are open:

Payamdev - nmap

What this does:

  • nmap: The scanning tool
  • -sV: Detects what services/versions are running
  • The IP address: Your target

Step 2: Check Open Ports

As you may saw, there are ports open like 22 which belongs to ssh. Your real journey starts here. Each room has it's flag, for example, in a room you will see credentials for ssh so you can connect as a user to target device and your goal (flag) is to become root, means to gain system admin password.
You may ask how to get that valuable information? Yes it is complicated at begining but when you read room's instructions carefully and consider to the clues, you will find a way to find root password.

I remember in one of that rooms, at first i have to coonect to server via ssh, after that and using nmap, i found ftp port is open. Next i found that i can connect to ftp with it's default password (A common mistake that people do in real world a lot). So i can find a Text file that has information about other users, and with the help of a password cracking tool app which name is Hydra, I can finnaly found system admin password and login as root and capture that flag.

Pro Tips from Someone Who's Been There

It's Okay to Get Stuck

I'm going to be honest: you will get stuck. A lot. That's completely normal. When you do:

  1. Read the hints on TryHackMe
  2. Search for writeups (walkthroughs) online
  3. Ask in the TryHackMe Discord

Important: Don't just copy answers. Read the walkthrough, understand WHY that command works, try it yourself, and learn the concept. That's how you grow.

When i stuck anywhere in all of my IT learning process, always i leave my sit and go somewhere else, like another room, then get relaxed and think again from start to that problem. I got the answer every time i use this simple trick, believe me ;)

Keep Track of Your Progress

TryHackMe has a cool leveling system. You start as a "Neophyte" and work your way up to "Titan" and beyond. It's gamified to keep you motivated.

Take Notes

Start a hacking journal. When you learn a new technique, write it down:

## Nmap Scanning

Basic scan: nmap -sV [target-ip]
Full scan: nmap -sC -sV -p- [target-ip]
UDP scan: nmap -sU [target-ip]

When to use: Always scan first to see what services are running
Enter fullscreen mode Exit fullscreen mode

From Hobby to Career: SOC Analyst

If you want to turn this into a career, the SOC Level 1 path is your golden ticket. A SOC (Security Operations Center) Analyst is basically a digital security guard who:

  • Monitors network traffic for threats
  • Investigates security alerts
  • Responds to incidents
  • Creates reports

The job market is HOT right now. Companies are desperate for SOC Analysts because there aren't enough skilled people. After completing the SOC Level 1 path, you'll know How to analyze network traffic, SIEM tools (security monitoring platforms), Digital forensics and Phishing analysis.

Believe me if you do some stuff like this and prove to any employer that you have this kind of skills, you will be their top candidate.

What You Need to Get Started

Hardware:
A computer (doesn't need to be fancy), Internet connection and That's it!

Software:
TryHackMe account (free), OpenVPN (free), Optional: Kali Linux VM for practicing (free)

Money:
Start with free content, Premium is $13/month if you want access to everything. I dont buy Premium subscription in first 3 months of using.

Final Thoughts

Look, cybersecurity seems scary and complicated from the outside. But here's what I've learned: the best way to learn is to just start.

You don't need a computer science degree. You don't need to know everything about networking. You just need curiosity and persistence. I know peoples that even don't know what DNS or NAT is or what is diffrences between TCP or UDP but they started to DO and make experiences and in their experimenting, they learned all of that scary words in a very good way. Do not stuck in tutorial hell and do projects, even silly ones.

Create that free account. Open your terminal. Run that first Nmap scan. See what happens.

The cybersecurity community needs more people. We need fresh perspectives, different backgrounds, and new ways of thinking. That could be you.

Your hacking journey starts with a single command. Make today that day.

Ready to start? Head over to TryHackMe and create your free account. See you in the challenges!

Top comments (0)