About this series
This is the collection of 16 TryHackMe machines I documented while preparing for the eJPTv2 (eLearnSecurity Junior Penetration Tester v2). I solved them in progressive order, covering all topics that appear in the exam: enumeration, web, SMB, bruteforce, privilege escalation, and basic pivoting.
Each walkthrough includes:
- Executive summary with platform, difficulty, and skills exercised
- YouTube video (when available)
- Complete commands with their output
- Justification for every flag and technical decision
- Lessons learned applicable to other machines
- eJPT connection — what exam topics it exercises
Recommended order
Machines are numbered by increasing difficulty. If you’re starting out, follow the order. If you have experience, jump to the ones covering specific topics where you feel weakest.
About eJPTv2
The eJPTv2 is a hands-on junior pentesting certification. It evaluates real skills in a CTF-style environment over 48 hours. This series covers the fundamentals you need to master before sitting the exam.
Summary
Basic Pentesting is the first machine in my Road to eJPTv2 series. It’s an excellent starting point because it covers several areas that appear on the exam: service enumeration (SMB, HTTP), directory fuzzing, SSH bruteforce, and SSH private key cracking. If you’re starting with TryHackMe and the eJPT, this machine is mandatory.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | Basic Pentesting |
| Skills | SMB Enum, Web Fuzzing, SSH Bruteforce, SSH Key Cracking |

Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
Pickle Rick is the second machine in the Road to eJPTv2 series and one of the most entertaining on TryHackMe. Unlike the first machine where the vector was SSH bruteforce, here the focus is entirely web-based: source code review, directory enumeration, and exploitation of a command panel with direct RCE. The objective is to find three secret ingredients Rick needs to revert his pickle transformation.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | Pickle Rick |
| Skills | Web Enum, Source Code Review, RCE, Reverse Shell, Sudo Privesc |

🎥 Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
RootMe is the third machine in the Road to eJPTv2 series and introduces two new techniques not seen before: file upload filter bypass and privilege escalation via Python SUID. Unlike previous machines where access came through exposed credentials or direct RCE, here we need to bypass an extension restriction to upload a reverse shell.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | RootMe |
| Skills | Web Enum, File Upload Bypass, Reverse Shell, SUID Abuse |

🎥 Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
Simple CTF is the fourth machine in the Road to eJPTv2 series and the most technically varied so far. It introduces three new vectors: anonymous FTP access, SQLi exploitation with a real CVE (CVE-2019-9053) against CMS Made Simple, and privilege escalation via sudo vim. Additionally, the obtained hash is salted, requiring a custom cracking script — a differentiating skill.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | Simple CTF |
| Skills | FTP Enum, Web Enum, SQLi, Hash Cracking, SSH, Sudo Privesc |

🎥 Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
Bounty Hacker is the fifth machine in the Road to eJPTv2 series and one of the most straightforward in terms of attack flow. Anonymous FTP doesn’t just confirm lax configurations — this time it directly delivers a password wordlist and the target username. With that data, Hydra does the heavy lifting against SSH. The escalation via sudo tar introduces a new GTFOBins binary worth knowing.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | Bounty Hacker |
| Skills | FTP Enum, SSH Bruteforce, Sudo Privesc (tar) |

🎥 Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
Lazy Admin is the sixth machine in the Road to eJPTv2 series and the most elaborate so far in terms of attack chain. There’s no single vector — you have to chain: two-layer fuzzing to find the CMS, credential extraction from an exposed MySQL backup, MD5 hash cracking, admin panel access, reverse shell upload, and an indirect privilege escalation via sudo Perl that modifies an intermediate script.

| Attribute | Value |
| --- | --- |
| Platform | TryHackMe |
| Difficulty | Easy |
| OS | Linux |
| Room | Lazy Admin |
| Skills | Web Enum, CMS Exploitation, Hash Cracking, File Upload, Sudo Privesc (Perl) |

🎥 Video version
If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format.
...
Summary
c4ptur3-th3-fl4g is the seventh machine of the Road to eJPTv2 series and the most different one so far. No service exploitation, no reverse shells, no privesc. It’s a pure encoding, cryptography and steganography challenge — designed to get you comfortable with data representation systems that appear constantly in CTFs and forensic analysis.
This room covers: leetspeak, binary, Base32, Base64, hexadecimal, ROT13, ROT47, Morse code, BCD, Brainfuck/Malbolge, audio spectrograms and image steganography.
...
Summary
Skynet is the eighth machine of the Road to eJPTv2 series and one of the most complete in the path. It combines SMB enumeration, brute force against a webmail, exploitation of a CMS with Remote File Inclusion, and a classic privilege escalation based on tar wildcard injection in a cron job.
A chained attack flow where each phase depends on the previous one — exactly the kind of reasoning the eJPT evaluates.
...