This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe (thm)1 website.

It is based on the learning content provided in the Intro to Offensive Security room.

Task 1 - Hacking your first machine

Our objective in this task is to hack a fake bank application that goes by the name of “FakeBank”. Following the steps in the room, we get access to a linux machine where we can run our commands.

First we print out our current working directory (see the red circle with the 1 - referred to as #1), and list all the files and directory within (see #2).

gobuster results

The following commands were used:

command namedescription
pwdprint name of current/working directory
ls -hlag
command namedescription
lslist directory contents
-luse a long listing format
-a–all (hidden files inclusive)

This is done so to verify our direct access to the wordlist file that contains a list possible directory names. With it’s help, gobuster will iterate through this list to find the directories present on the target website (

gobuster -u -w wordlist.txt dir
command namedescription
gobusterused to brute-force URIs including directories and files as well as DNS subdomains
-uThe target URL
-wPath to the wordlist
dirUses directory/file enumeration mode

Just like in the tutorial, a website/directory called “/bank-transfer” is found on the target website. Now we can head over, and open it up in our favorite browser.

secret site

Note that we appended the site we found to the target website to get full url. (

Filling out the transfer parameters correctly and sending the money will land us the flag.

transfer funds

But to actually read the flag, we have to head back to the target site’s main page (

successful transfer

get the flag

With this, answering the questions before proceeding to the next task should not pose any problems.

Question 1: When you’ve transferred money to your account, go back to your bank account page. What is the answer shown on your bank balance page?


Question 2: If you were a penetration tester or security consultant, this is an exercise you’d perform for companies to test for vulnerabilities in their web applications; find hidden pages to investigate for vulnerabilities.

No answer needed

Question 3: Terminate the machine by clicking the red “Terminate” button at the top of the page.

No answer needed

Task 2 - What is Offensive Security?

Read the introduction to offensive security before proceeding to the next task.

Question 1: Read the above.

No answer needed

Task 3 - Careers in cyber security

Get a better idea of the possible careers in cyber security before finishing the task.

With that, we successfully finished our first room in the module. Remember to terminate the linux machine if you hadn’t done it already, before proceeding to the next room. (Check out Task 1 for further details.)

Question 1: Read the above, and continue with the next room!

No answer needed

  1. thm - shorthand for TryhackMe from now on ↩︎