TryHackMe Checkmate | Full Walkthrough 2026

Exploit weak password practices across Marco’s internal systems to achieve full compromise. 🤖🤖 Room link: https://tryhackme.com/room/checkmate 🐍 Challenge: 🐍 Marco Bianchi, a systems administrator, recently deployed several internal services, including a Firewall console, employee portal, social platform, and SSH access to critical infrastructure. Due to tight deadlines and operational pressure, Marco reused weak, predictable, and pattern-based passwords across multiple systems. Your objective is to conduct a password security assessment to identify weaknesses in Marco’s authentication practices. 🐱 Challenge Levels: 🐱 🍐 Level 1: Marco deployed a firewall at firewall[.]tthm:5001 but kept default credentials. 🍐 Level 2: Marco built an internal Employee Login panel on jobs[.]tthm:5002 and used common company keywords as passwords. 🍐 Level 3: Navigate to social[.]thm:5003 and derive Marco's password from personal info. 🍐 Level 4: On social[.]tthm:5003, Marco recently uploaded a new profile picture. For privacy and storage consistency, the platform automatically renames uploaded files to the SHA256 hash of the original filename and saves them in the format (SHA256).png. Your task is to identify the original filename of Marco uploaded profile picture. Submit only the filename to proceed. 🍐 Level 5: Marco has revealed his password pattern on social[.]tthm:5003, using predictable rules based on keywords and formatting. Use this information to generate a targeted wordlist and brute-force the SSH service with username marco. ⚠️ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems. Don't forget to 👍 LIKE and 🔔 SUBSCRIBE for more cybersecurity tutorials! #TryHackM