CozyHosting
RETIRED MACHINE


OS: Linux
Difficulty: Easy

Machine rating: 4.5
User owns: 16922
System owns: 16766
Released: 02/09/2023
Created by commandercool

Machine Synopsis

CozyHosting is an easy-difficulty Linux machine that features a `Spring Boot` application. The application has the `Actuator` endpoint enabled. Enumerating the endpoint leads to the discovery of a user's session cookie, which grants authenticated access to the main dashboard. The application is vulnerable to command injection, which is leveraged to gain a reverse shell on the remote machine. Enumerating the application's `JAR` file reveals hardcoded credentials, which are used to log into the local database. The database contains a hashed password which, once cracked, is used to log into the machine as the user `josh`. The user is allowed to run `ssh` as `root`, which is leveraged to fully escalate privileges.
