Loading SnpView...
The primary goal of the CCT2019 room is to locate and capture two flags:
Note: The following contains spoilers and methodology for solving the challenges.
While TryHackMe hosts many rooms and competitions today, CCT2019 stands out for three specific reasons:
1. Real-World Context The challenges were not just abstract puzzles. They mimicked scenarios a junior analyst might face in a Security Operations Center (SOC) or a penetration tester might encounter on an engagement. For example, finding a flag wasn't just about guessing a password; it was about understanding why a service was vulnerable.
2. The Learning Curve Many CTFs suffer from a "knowledge gap"—you either know the specific trick to solve the challenge, or you are stuck. CCT2019 provided enough context within the challenges to encourage research. It forced players to learn how to learn, a skill far more valuable than memorizing a specific exploit.
3. Community Building This event took place during a massive growth period for the TryHackMe platform. It fostered a sense of community as players took to Discord and forums to discuss methodologies (without giving away answers). It solidified the "hacker mindset" of collaborative learning.
Your first task is to enumerate the compromised machine. Using nmap, you discover open ports: 22 (SSH), 80 (HTTP), and 31337 (an unusual high port).
nmap -sC -sV 10.10.10.100
Port 80 hosts a rudimentary "North Pole Inventory Portal." A quick directory bust with gobuster reveals /backup and /admin. The /admin page is protected by HTTP Basic Auth, but the backup folder contains a users.txt.bak file.
Inside:
claus:rudolph123
elf:workshop2019 tryhackme cct2019
Bingo. Weak credentials strike again.
The competition was unique because it catered to different skill levels by splitting the challenges into distinct categories. This ensured that absolute beginners weren't discouraged, while still offering enough meat for intermediate players to sink their teeth into.
The TryHackMe CCT2019 room is a masterclass in intermediate-level penetration testing. It strips away fluff and presents a clean, logical chain: web enumeration → command injection → database pivot → SUID privilege escalation.
By completing this room, you don't just learn to "capture flags." You learn to think like an attacker and, more importantly, like a defender. Add this room to your learning path today, and you'll walk away with skills that translate directly to the field.
Ready to hack? Log into TryHackMe, search for "CCT2019," and spin up the machine. And remember—the enumeration you do in the first 20 minutes determines whether you finish in an hour or five.
Have you completed the TryHackMe CCT2019 room? Share your favorite technique or the part where you got stuck in the comments below. Happy hacking!
The CCT2019 room on TryHackMe is a collection of legacy challenges from the US Navy Cyber Competition Team 2019 Assessment, sponsored by the US TENTH Fleet. It is rated as Insane difficulty and focuses on an analytical journey through multiple disciplines, including PCAP analysis, cryptography, and digital forensics. The Story of the Assessment
The narrative of CCT2019 isn't a traditional lore-heavy story, but rather a sequence of high-stakes technical investigations that mirror a military cyber assessment. The primary goal of the CCT2019 room is
Task 1 & 2: Network Forensics (PCAP)The journey begins with intense PCAP analysis, where you act as a digital detective sifting through network traffic to identify suspicious activity and exfiltrated data.
Task 3: Historical CryptographyThe mission shifts to WWII-era encryption. You encounter a config.txt file that requires using an Enigma M4 "Shark" to decrypt a password for a locked file named flag.zipper.
Task 4: The Three-Part DecipheringThe final "story" arc involves a series of consequential steps to unlock the ultimate secret:
Keyboard Layout Substitution: Converting text based on different keyboard layouts.
OSINT and Video Analysis: Finding a specific YouTube video to identify a password for a railfence cipher.
Python Scripting: Writing code to convert numerical sequences (0–6) into binary using the modulo operator ( ), eventually revealing the final ASCII flag. Key Skills Tested
According to Abel Benedict on LinkedIn, completing this room requires extreme attention to detail and persistence in: Reverse Engineering: Breaking down complex binaries.
Forensics: Recovering data from packet captures and hidden files. Port 80 hosts a rudimentary "North Pole Inventory Portal
Cryptography: Solving ciphers ranging from modern logic to historical machines. CCT2019 - TryHackMe
The TryHackMe Cyber Challenge 2019 (CCT2019) was a seminal event in the platform's history, marking a shift from simple individual rooms to large-scale, competitive CTF (Capture The Flag) events. It served as a predecessor to the highly popular "Advent of Cyber" series.
While the live competition has long since ended, the challenge remains accessible on TryHackMe as a learning resource. It is designed to test a wide range of offensive security skills, including Open Source Intelligence (OSINT), cryptography, steganography, and binary exploitation.
Below is a detailed breakdown, walkthrough guide, and analysis of the CCT2019 challenge.
Using elf:workshop2019, you log into SSH. You’re now on the system as a low-privileged elf. But the attacker wasn’t here yet—they used the same credentials to upload a malicious PHP script via the inventory portal’s file upload feature.
You find the script in /var/www/html/uploads/shell.php. It’s a simple web shell:
<?php system($_GET['cmd']); ?>
This is how the attacker first executed commands as www-data.
TryHackMe CCT2019 was more than just a game; it was a proving ground. It took the intimidation factor out of cybersecurity competitions and replaced it with curiosity and a drive to learn. For many, it was the first step in transitioning from a hobbyist to a professional, cementing TryHackMe’s reputation as the premier platform for hands-on cyber education.