Confused Where to Start on TryHackMe? Here Are 30 Free Rooms — Sequenced for CEH Prep
I've been preparing for the CEH exam (sitting May 2026) while working in SOC
operations, and I noticed the same problem coming up constantly in every
cybersecurity Discord and subreddit:
"I just signed up for TryHackMe. Where do I even start?"
Most answers are vague. "Just do rooms." "Follow a path." Nobody maps it out
clearly, tells you which rooms are actually free, or sequences them in a way
that aligns to a specific goal like CEH.
So I did it myself.
What This Guide Is
A curated list of 30 free TryHackMe rooms across 7 progressive phases —
every room mapped to a CEH domain, with a time estimate and direct URL.
It's designed for:
- Students actively prepping for CEH v12
- CS / MCA / BCA students who want hands-on skills alongside theory
- Developers transitioning into cybersecurity (your web dev background = unfair advantage on the web hacking phases)
- Anyone who opened TryHackMe and had no idea where to click first
Why TryHackMe for CEH Prep?
The CEH exam tests 20 knowledge domains — footprinting, scanning, exploitation,
web app hacking, cryptography, and more.
Most candidates study theory but arrive at the exam having never:
- Run a real Nmap scan against a live target
- Intercepted an HTTP request with Burp Suite
- Cracked a hash in a terminal
- Used Metasploit against an actual vulnerable machine
TryHackMe puts you inside a live vulnerable environment, guided by tasks
that mirror exactly what CEH tests — in the order CEH tests them.
The 7-Phase Roadmap
Phase 1 — Orientation & Setup (~45 min)
Get comfortable with the THM interface before diving in.
| # | Room | Time | CEH Domain |
|---|---|---|---|
| 01 | Tutorial | 10 min | Interface basics |
| 02 | Starting Out in Cyber Sec | 20 min | CEH mindset |
| 03 | Introductory Researching | 30 min | OSINT basics |
Phase 2 — Linux & Networking Core (~6 hr)
Your Linux coursework helps here — but the attack context is completely
different from academic learning. Do all 8 rooms.
| # | Room | Time | CEH Domain |
|---|---|---|---|
| 04 | Linux Fundamentals Part 1 | 1 hr | System Hacking |
| 05 | Linux Fundamentals Part 2 | 1 hr | System Hacking |
| 06 | Linux Fundamentals Part 3 | 1 hr | System Hacking |
| 07 | What is Networking? | 45 min | Footprinting |
| 08 | Intro to LAN | 45 min | Footprinting |
| 09 | OSI Model | 30 min | Sniffing |
| 10 | DNS in Detail | 45 min | Footprinting |
| 11 | HTTP in Detail | 45 min | Web App Hacking |
Phase 3 — Reconnaissance & Scanning (~6 hr)
CEH's biggest domains. Nmap alone accounts for 3–5 exam questions.
Do not rush these.
| # | Room | Time | CEH Domain |
|---|---|---|---|
| 12 | Nmap | 2 hr | Scanning Networks |
| 13 | Nmap Live Host Discovery | 1.5 hr | Scanning |
| 14 | Passive Reconnaissance | 1 hr | Footprinting |
| 15 | Active Reconnaissance | 1 hr | Footprinting |
| 16 | Content Discovery | 1.5 hr | Web App Hacking |
Phase 4 — Web Application Hacking (~10 hr)
If you have a dev background — React, Node, Django, Laravel, anything —
you'll move faster here than 90% of people. You already understand
request-response cycles, session handling, and how SQL queries get built.
Now you exploit them.
| # | Room | Time | CEH Domain |
|---|---|---|---|
| 17 | How Websites Work | 45 min | Web App Hacking |
| 18 | OWASP Top 10 — 2021 | 3–4 hr | Web App Hacking |
| 19 | Burp Suite: The Basics | 2 hr | Web App Hacking |
| 20 | SQL Injection | 2 hr | SQL Injection |
| 21 | Cross-site Scripting | 1.5 hr | Web App Hacking |
| 22 | File Inclusion | 1.5 hr | Web App Hacking |
The OWASP Top 10 room is the crown jewel of this phase. Each task is
a separate OWASP category with a live lab. Don't rush it.
Phase 5 — Exploitation & Post-Exploitation (~9.5 hr)
Metasploit is explicitly tested in CEH. This is not optional.
| # | Room | Time | CEH Domain |
|---|---|---|---|
| 23 | Metasploit: Introduction | 1.5 hr | System Hacking |
| 24 | Metasploit: Exploitation | 2 hr | System Hacking |
| 25 | Metasploit: Meterpreter | 1.5 hr | System Hacking |
| 26 | Hydra | 1 hr | Password Cracking |
| 27 | John the Ripper | 1.5 hr | Cryptography |
| 28 | Encryption — Crypto 101 | 2 hr | Cryptography |
Phase 6 — Beginner Practice Machines (~9 hr)
No guidance. Just you and the machine. Spend 30 minutes trying before
you look at any walkthrough — the stuck feeling is where learning
actually happens.
| # | Room | Time | Type |
|---|---|---|---|
| 29 | Pickle Rick | 1–2 hr | Web + Linux CTF |
| 30 | Basic Pentesting | 2 hr | Full pentest cycle |
| 31 | Ignite | 1.5 hr | CMS exploit + privesc |
| 32 | Bounty Hacker | 1.5 hr | FTP → SSH → privesc |
| 33 | RootMe | 2 hr | File upload + SUID |
Phase 7 — Intermediate Machines (post-CEH territory)
These expect you to enumerate independently and research on your own.
This is where HTB-level skills start building.
| # | Room | Time | Domain |
|---|---|---|---|
| 34 | Blue | 2–3 hr | EternalBlue (MS17-010) |
| 35 | Ice | 2–3 hr | Icecast exploit → Meterpreter |
| 36 | Crack the Hash | 2 hr | Multi-format hash cracking |
| 37 | Advent of Cyber (Archive) | Ongoing | All CEH domains |
Advent of Cyber archives are free year-round. 25 challenges covering
every domain. The best free structured content THM offers.
Realistic Timeline
| Phases | Time | Daily Commitment |
|---|---|---|
| Phases 1–3 | ~2 weeks | 1 hr/day |
| Phases 4–5 | ~2 weeks | 1 hr/day |
| Phases 6–7 | ~2 weeks | Weekends |
Download the PDF Version
I packaged this into a printable PDF with checkboxes beside every room —
tick them off as you complete each one.
[Download PDF → GitHub link here - https://github.com/SoumyaKhaskel/TRY_HACK_ME]
One Last Thing
The most common mistake I see: people complete rooms but don't document
anything. Every room you finish, write two sentences about what you learned.
Paste it into a Notion doc, a private GitHub repo, anywhere. Those notes
become your interview answers six months from now.
If this helped you, share it with someone else who's been staring at the
THM homepage not knowing where to start.
Good luck. The struggle is the lesson.
— Soumya | LinkedIn |
GitHub |
THM Profile
Top comments (0)