TryHackMe CCT2019 Write-up

Introduction

In this write-up, we will walk through the steps taken to complete the CCT2019 challenge on TryHackMe, a popular online platform for learning and practicing cybersecurity skills. The CCT2019 challenge is designed to mimic a real-world Capture The Flag (CTF) competition, where participants have to exploit vulnerabilities in a provided virtual machine (VM) to gain access to sensitive information.

Initial Reconnaissance

Upon launching the CCT2019 VM on TryHackMe, the first step was to perform an initial scan of the machine to gather information about its configuration and potential vulnerabilities. This was achieved using the nmap command:

    nmap -sV -p- <IP Address>

The scan revealed that the machine was running Windows 10 and had several open ports, including:
Port 3389: Remote Desktop (RDP)
Port 80: HTTP
Port 445: SMB

Identifying Potential Vulnerabilities

The next step was to investigate the open ports and identify potential vulnerabilities. Port 80 (HTTP) was explored by accessing http://<IP Address> in a web browser. This revealed a login page for a custom web application. Further investigation of the web application revealed a potential SQL injection vulnerability. However, before attempting to exploit this vulnerability, it was necessary to gather more information about the machine and its configuration.

Enumerating Users and Groups

Using the enum4linux tool, we enumerated users and groups on the machine:

    enum4linux -a <IP Address>

This revealed a list of users, including:
Administrator
cct2019
It also revealed that the cct2019 user was a member of the Administrators group.

Exploiting the SQL Injection Vulnerability

The SQL injection vulnerability was exploited using Burp Suite, a web application security testing tool. A malicious SQL query was injected into the login form to extract sensitive information:

    ' OR 1=1 --

This query returned a list of users and their corresponding passwords. One of the users had a password that could be used for further exploitation.

Gaining Initial Access

Using the extracted credentials, we gained initial access to the machine via RDP:

    xfreerdp /u cct2019 /p <password> /v <IP Address>

Once connected, we explored the machine and found a .txt file containing a cryptic message:
"cLzF"

Escalating Privileges

The .txt file hinted at a potential privilege escalation vulnerability. Further investigation revealed that the cct2019 user had the SeImpersonatePrivilege privilege enabled. This privilege can be used to impersonate other users, including the SYSTEM user. Using the JuicyPotato tool, we exploited this vulnerability to gain SYSTEM-level access:

    .\JuicyPotato.exe -l 1337 -p C:\Windows\System32\cmd.exe -a "/c net localgroup administrators cct2019 /add" -c all

Maintaining Access

With SYSTEM-level access, we created a new user account and added it to the Administrators group:

    net user cct2019 <password> /add
    net localgroup administrators cct2019 /add