HTB Season 10: CCTV Writeup

HTB Season 10 · 6

CCTV is a Linux machine rated Easy that focuses on exposed admin panels with default creds set that lead to foothold through SSH by cracking hash exfiltrated by boolean SQLI, with another service running locally as root vulnerable to RCE we escalated privilege

March 30, 202610 min read

Linux Easy HTB RCE brute-force traffic-sniffing SQLI

Enumeration

as usual gonna start with our nmap

bash

jimmex@attacker ➜ nmap -sC -sV -vv -oA initial 10.129.18.51
Starting Nmap 7.95 ( https://nmap.org ) at 2026-03-30 15:14 EET
NSE: Loaded 157 scripts for scanning.                                             
NSE: Script Pre-scanning.                                                                       
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 15:14
Completed NSE at 15:14, 0.00s elapsed
< snip>
Nmap scan report for 10.129.18.51
Host is up, received echo-reply ttl 63 (0.19s latency)....

This article is currently locked.

unlock

notify

`Share`

← previous
HTB Season 10: Pirate Writeupnext →
HTB Season 10: Variatype Writeup

`Subscribe to the newsletter`

Get new posts delivered to your inbox.