Cct2019 Tryhackme ((new)) May 2026

is a "Blue Team" oriented capture-the-flag (CTF) challenge originally from the US Navy Cyber Competition Team 2019 Assessment

The Discovery: We now know the victim was running an older Windows 7 machine—likely vulnerable to modern exploits due to lack of patching. cct2019 tryhackme

Task 4: Lateral Movement

The room is known for including intentional "rabbit holes"—complex-looking files (like certain images) that ultimately lead nowhere, testing your ability to prioritize leads. Reverse Engineering (RE): One of the most praised tasks involves reversing a .NET application using tools like to find specific slider combinations or hardcoded secrets. Analytical Depth: Unlike many CTFs that reward speed, CCT2019 rewards analytical depth is a "Blue Team" oriented capture-the-flag (CTF) challenge

• Checked sudo privileges (sudo -l).
• Reviewed cron jobs, SUID/SGID binaries, weak file permissions, and credentials in config files.
• Found privilege escalation vector: [sudo misconfiguration / world-writable scripts / outdated kernel / SUID binary exploited].

base64 /etc/shadow | base64 -d

7. Carving Deleted Files from PCAP

• Use foremost on the raw PCAP:
  foremost -i CCT2019.pcap -o carved_output
• Found: A .zip file containing a password‑protected document.
• Crack password (John the Ripper / zip2john) → weak password cct2019.
• Inside: flag4carving_ is_ key.

5. Privilege Escalation