Quantcast
Channel: Tutorials - Hack The Box :: Forums
Viewing all articles
Browse latest Browse all 83

CozyHosting writeup by evyatar9

$
0
0

Read my writeup to CozyHosting on:

TLDR
User: Discovered a jar file hosted on port 8000. Extracted portal (port 80) credentials and DB credentials from the JAR file. Attained a reverse shell using command injection on the username field via the /executessh API. Cracked the admin password from the database and subsequently utilized it to SSH login as the josh user.

Root: After running sudo -l, it was determined that we can execute /usr/bin/ssh * as root. This allowed for the spawning of an interactive root shell via the ProxyCommand option.

1 post - 1 participant

Read full topic


Viewing all articles
Browse latest Browse all 83

Trending Articles