HackTheBox - CozyHosting

Name: HackTheBox - CozyHosting
Uploaded: 2024-03-02T15:00:39Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:10 - Identify JSESSIONID with nginx, but nginx appears to be configured correctly 06:00 - Googling the err...

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

00:00 - Introduction 01:00 - Start of nmap 03:10 - Identify JSESSIONID with nginx, but nginx appears to be configured correctly 06:00 - Googling the error message to identify the page uses SpringBoot, using a SpringBoot wordlist to find actuators! 10:30 - Using the Sessions Actuator and seeing a session for kanderson, logging in to get to the admin interface 14:15 - Finding RCE in the ExecSSH Page 23:20 - Shell on CozyHosting, looking at running services 26:00 - Examining the CozyHosting Jar to identify PostGres credentials then dumping the users table and cracking hashes 33:00 - Josh can run …

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Introduction

1:00 Start of nmap

3:10 Identify JSESSIONID with nginx, but nginx appears to be configured correctly

6:00 Googling the error message to identify the page uses SpringBoot, using a Sprin

10:30 Using the Sessions Actuator and seeing a session for kanderson, logging in to

14:15 Finding RCE in the ExecSSH Page

23:20 Shell on CozyHosting, looking at running services

26:00 Examining the CozyHosting Jar to identify PostGres credentials then dumping th

33:00 Josh can run SSH with sudo, using proxy command to get root

34:10 Explaining what ProxyCommand is

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →