Jr Penetration Tester Path

The full TryHackMe Jr Penetration Tester path — every command explained, every output read. From first nmap scan to root shell.

◈39rooms

◈8sections

◈~31hestimated

◈guidedevery step

What you build

▸Nmap scanning and service enumeration

▸Web application attack techniques (SQLi, XSS, IDOR, LFI, SSRF)

▸Burp Suite — intercept, repeat, intruder, extensions

▸Exploitation with Metasploit and Meterpreter

▸Linux privilege escalation — SUID, sudo, cron, capabilities

▸Network reconnaissance — passive and active

▸Shell types — bind, reverse, web shells

▸CVE research and vulnerability exploitation

The Path

Introduction to Cyber Security

Foundational concepts in offensive and defensive security

3 rooms

▸Offensive Security Introeasy15m ▸Defensive Security Introeasy30m ▸Careers in Cybereasy30m

↓

Introduction to Pentesting

Ethics, methodologies, and principles behind penetration testing

2 rooms

▸Pentesting Fundamentalseasy30m ▸Principles of Securityeasy30m

↓

Introduction to Web Hacking

Core web application attack techniques

11 rooms

▸Walking An Applicationeasy35m ▸Content Discoveryeasy30m ▸Subdomain Enumerationeasy30m ▸Authentication Bypasseasy30m ▸IDOReasy20m ▸File Inclusionmedium40m ▸SSRFeasy25m ▸Cross-Site Scriptingeasy40m ▸Race Conditionsmedium45m ▸Command Injectioneasy25m ▸SQL Injectionmedium45m

↓

Burp Suite

Master the industry-standard web security testing tool

5 rooms

▸Burp Suite: The Basicseasy30m ▸Burp Suite: Repeatereasy30m ▸Burp Suite: Intrudereasy40m ▸Burp Suite: Other Moduleseasy30m ▸Burp Suite: Extensionseasy15m

↓

Network Security

Reconnaissance, scanning, and network protocol analysis

9 rooms

▸Passive Reconnaissanceeasy30m ▸Active Reconnaissanceeasy1h ▸Nmap Live Host Discoverymedium2h ▸Nmap Basic Port Scansmedium2h ▸Nmap Advanced Port Scansmedium2h ▸Nmap Post Port Scansmedium2h ▸Protocols and Serverseasy1h ▸Protocols and Servers 2medium1h 30m ▸Net Sec Challengemedium45m

↓

Vulnerability Research

Finding and exploiting vulnerabilities

3 rooms

▸Vulnerabilities 101easy30m ▸Exploit Vulnerabilitieseasy20m ▸Vulnerability Capstoneeasy30m

↓

Metasploit

The penetration testing framework

3 rooms

▸Metasploit: Introductioneasy1h ▸Metasploit: Exploitationeasy1h 30m ▸Metasploit: Meterpretereasy1h 30m

↓

Privilege Escalation

Escalating access on Linux and Windows systems

3 rooms

▸What the Shell?easy45m ▸Linux Privilege Escalationmedium50m ▸Windows Privilege Escalationmedium1h

Ready to start?

Free to try. 6 rooms on us. Bring your own API key for the rest.

Get Started Free See pricing →