HackTheBox - CozyHosting Writeup
CozyHosting is an easy Hack The Box Linux machine running a Spring Boot app with exposed Actuator endpoints. Session hijacking grants dashboard access, and a command injection vulnerability provides a reverse shell. Hardcoded credentials in the JAR file reveal a database hash, which, once cracked, allows SSH access as josh. josh can run ssh as root, which leads to full privilege escalation.
February 23, 2025 | Tags: spring-boot-error, spring-boot, gobuster, PostgreSQL, hashcat, GTFOBins