Creating your first room
Written by Gonzo
Updated this week

Creating a room

Before creating your first room, please toggle the room developer options.

To create a new room, click on the "develop" tab and "manage rooms":

Then click on the "Create new room" button:

Fill out the mandatory fields, and click "Create room":

You should get a confirmation message and see your new room in the manage rooms section:

Clicking on your room will bring you to the management section of your room; you can find more information regarding this in this article.

Best practices

Guidance/stipulations for creating rooms

  • Brute force actions performed using the AttackBox should be completed within five minutes or less, considering that each user may have a unique VM configuration. Ensure that any hashes intended to be cracked can be cracked within the specified timeframe using either Hashcat or John with the rockyou.txt wordlist; if an alternative method is used, provide hints accordingly.

  • Currently, we only accept challenge rooms

  • Timing attacks should have a long enough delay to be noticeable

  • If non-standard tools are used, consider mentioning them in hints or room tags

  • We are trying to avoid repeating the same types of content on the site, for example, cryptography and steganography challenges. Unless you introduce a new topic that hasn't been covered, we will encourage you to share your room with friends only.


  • 15 questions max unless you have a very lengthy walkthrough AND have explicit approval from the admin team. This avoids excessively point-heavy rooms.

  • Try to stay away from "quiz" style rooms if not previously approved by an admin. We'd much rather see new ideas and techniques being discussed! There is no reason you can't design tasks to make the user apply their knowledge from what you have discussed, for example, two or three questions that can be used to summarise your task, but please don't make this the focus of your room.

  • You can make use of the machine_ip feature when writing out tasks. Think of this as a variable that will fill when users deploy an instance.

Before deploying an instance:

After deploying an instance:

Question ideas

  • Depends on the difficulty level. Use the "Difficulty Levels" to decide how much guidance you should provide.

  • Validation of command output

  • If they're running Nmap, what ports should they focus on?

  • Boot2root style rooms can be user+root flags.

  • Tailor your questions around the aims of your room. Are you giving a walkthrough of a new technique? Get the user to apply their knowledge from what you have discussed throughout the room. As previously discussed, avoid making this just a quiz.

Room avatar

  • Avatars should have a transparent background for dark theme purposes

  • Appropriate avatars should be added to all rooms to be made public; the avatar should be related to the room's concepts or theme and should be site-appropriate. We are an educational site.

Difficulty level

Clarity depends on the level of difficulty


  • Full guidance


  • Some guidance and general direction are provided

  • User will likely have to do some research to determine how to use the presented tool


  • No guidance

  • Trial and error are required as some tools may fail

  • Often, the first option presented might not work

If you are unsure, you can pick the difficulty that you feel suits your room best. Room testers will suggest the difficulty they feel is more appropriate.


For public rooms, we require a minimum of 4 tags. Some ideas for what we expect are listed below:

  • Room series, if applicable

  • General theme

  • Major topic covered

  • Tools used

  • Vulnerable Protocols

Rooms that do not include tags will not be made public, although challenges have some leniency due to spoilers. For example, we are not expecting you to list CVE numbers that will spoil the challenge.

Room descriptions

Short abstract of room, detail depending on difficulty level and style of room (challenge/walkthrough)

General documentation

Limit connection documentation unless it is part of a vast room/event room. For example, directing people to the openvpn room to connect is okay. If you are doing a walkthrough room and expecting people to authenticate with a service such as a web app or SSH on the VM, please clearly display the credentials.

Miscellaneous notes

  • The VM OS types are limited because of AWS; TryHackMe does not impose them. Notably, this means you cannot use any Debian after Debian 8.

  • Windows installs MUST be booting off an MBR partition; GPT will not work and will fail to convert.

  • Please don't activate Windows. TryHackMe uses AWS licensing for these. For more information on the AWS requirements, see The AWS Conversion requirements. If you do not follow these requirements, VM conversion will fail.

Thanks for being interested in making content!
