Cct2019 Tryhackme ★ Best

Report: CCT2019 — TryHackMe

Overview

CCT2019 is a TryHackMe challenge focused on capture-the-flag style web and network exploitation tasks from the 2019 Capture the Flag competition. The room (or walkthrough) guides users through enumeration, vulnerability identification, exploitation, privilege escalation, and post‑exploitation analysis. This report summarizes objectives, methodology, findings, exploit steps, and mitigation recommendations.

Environment & Tools

• Target: CCT2019 TryHackMe machine (web service + additional exposed services).
• Attacker host: Kali Linux (or equivalent).
• Tools used: nmap, gobuster/dirbuster, nikto, wfuzz, curl, Burp Suite, sqlmap, hydra/Medusa (if brute force needed), linpeas/linenum, sudo -l, ssh, netcat, certutil/wget/curl for file transfer.

• 22 – SSH
• 80 – HTTP
• 8080 – HTTP (alternative)
• 3306 – MySQL (sometimes)

Interesting Discovery:

Running sudo -l reveals that the chester user (or a similar low-priv user) can run a specific binary as root without a password: cct2019 tryhackme