Skip to main content

Creating Your First Room

Follow simple steps to create, manage, and share your room.

Bubbles avatar
Written by Bubbles
Updated over 2 months ago

Creating A Room

Before creating your first room, please ensure you toggle the room developer options. To create a new room, click on the Develop tab and Manage Rooms:

Then click on the Create new room button:

Fill out the mandatory fields, and click Create Room:

You should get a confirmation message and see your new room in the manage rooms section:

Clicking on your room will bring you to the management section of your room.

Managing Your Rooms

Best Practices

Guideline for Creating Rooms:

  1. Brute Force Actions

    Brute force actions performed in the AttackBox should be completed within five minutes or less. Keep in mind that each user may have a unique VM configuration. Ensure that any hashes intended for cracking are completed within the specified timeframe using either Hashcat or John the Ripper with the rockyou.txt wordlist. If an alternative method is used, please provide hints accordingly.

  2. Room Type

    Currently, only challenge rooms are accepted.

  3. Timing Attacks

    If your room involves timing attacks, ensure there is a noticeable delay.

  4. Use of Non-Standard Tools

    If you are using non-standard tools, consider mentioning them in hints or room tags for clarity.

  5. Content Variety

    We aim to avoid repeating content already covered on the platform. For example, challenges related to cryptography or steganography should introduce new concepts or topics. If your room does not introduce something unique, we encourage you to share it with friends only.

Questions

Question Limit

Rooms should contain a maximum of 15 questions, unless you have a lengthy walkthrough and explicit approval from the admin team. This helps avoid creating excessively point-heavy rooms.

Avoid "Quiz" Style Rooms

  • Avoid creating "quiz"-style rooms unless explicitly approved by an admin.

  • We encourage new ideas and techniques to be discussed in your room.

  • Instead of focusing solely on quizzes, design tasks that require users to apply their knowledge. For example, use two or three questions to summarize your task, but don’t make the quiz the main focus of the room.

Using the machine_ip Feature

When writing tasks, you can make use of the machine_ip feature. This works as a variable that will automatically fill in when users deploy an instance.

Before deploying an instance:

After deploying an instance:

Question Ideas

  • The amount of guidance you offer should be based on the difficulty level of your room. Use the Difficulty Levels feature to help decide how much assistance is appropriate.

  • When validating command outputs, be clear with your instructions. For example, if the user is running Nmap, specify which ports they should focus on to guide them in the right direction.

  • In Boot2Root-style rooms, you can use user and root flags to show the user's progress and help them understand the challenge.

  • Tailor your questions to the purpose of your room. If you are teaching a new technique, encourage users to apply what they've learned instead of just testing their knowledge. Avoid making your room feel like a simple quiz.

Room Avatar

Avatars should have a transparent background to ensure compatibility with dark theme. They must be relevant to the room’s theme, appropriate for an educational site, and added to all rooms that will be made public.

Difficulty level

Clarity depends on the level of difficulty:

Easy - Full guidance is provided throughout the room.

Medium - Some guidance and general direction are offered.
The user will likely need to conduct research to figure out how to use the presented tool.

Hard - No guidance is given. Trial and error is required, and some tools may fail. The first option presented might not always work.

If you are unsure, you can pick the difficulty that you feel suits your room best. Room testers might suggest the difficulty they feel is more appropriate.

Tags

For rooms to be made public, a minimum of 4 tags is required. Here are some tag suggestions:

  1. Room series (if applicable.)

  2. General theme.

  3. Major topic covered.

  4. Tools used.

  5. Vulnerable protocols.

Rooms without tags will not be made public. However, there is some leniency for challenges due to potential spoilers. For instance, you are not required to list CVE numbers that could spoil the challenge.

Room Descriptions

Short abstract of room, detail depending on difficulty level and style of room (challenge/walkthrough.)

General Documentation

Connection documentation should be limited, unless it is part of a larger room or event. For example, directing users to the OpenVPN room for connection is acceptable. However, if you are creating a walkthrough room where users need to authenticate with a service (e.g., a web app or SSH on a VM), you must clearly display the necessary credentials.

Miscellaneous Notes

  • The available VM OS types are limited due to AWS restrictions; TryHackMe does not impose these limits. Specifically, Debian versions newer than Debian 8 cannot be used.

  • For Windows installations, the system must boot from an MBR partition. GPT partitions will not work and will fail during conversion.

  • Please do not activate Windows - TryHackMe uses AWS licensing for Windows. For more details on AWS requirements, refer to The AWS Conversion Requirements. Failure to follow these guidelines will result in VM conversion failure.

Thanks for being interested in making content!

TryHackMe

Did this answer your question?