Official CozyHosting Discussion

Try to understand what is going on and what is the command that is executed on the backend.Then try to craft a payload for command injection

Still stuck at login page. Managed to enumerate into some useful information, but I am unsure how to sucessfully apply it. DM me if you’re willing to give hints.

Edit: forgot to say that if you do DM me, I’ll give you what I have so far.

I am also stuck on the login page, so many different scans have been run but I just can’t figure out what framework/system this is or find a useful way forward. Could use some hints for the initial part if anyone is able to DM me. I am still a “noob” as I started with HTB this week.

Finally got it, that initial shell was painful, after that it was fairly straightforward.

Foothold: a bit pain to get shell, start with simple enumeration, what you find will be the key to user. Read carefully.
User: Use your gained information to browse stuff. Don’t crack under pressure.
Root: The most basic thing you would do once you have shell. 5 minutes of googling and you are root

PM if you have questions

Hi, I need some help with the shell, please DM me some hints if u can:)

WARNING: Failed to daemonise. This is quite common and not fatal. ERROR: Can’t spawn shell
hi i keep getting this when i upload, can someone help pls

i have more stuck after get the session id. I don’t understand the hostname and username process. i need pdf step by step walkthrough like starting point labs. please anyone guide me for this machine. i have trying more than 5 days to solve this machine.

This was pretty hard for me as I am just starting to get back to doing this. To get get foot hold I got some help to point me into the right direction. I was able to poke and make it mad and based on what it said I was able to identify what it was using, but I didnt know about the extra thing until someone told me about it, and even then I wasnt able to find it even knowing what I was looking for. Maybe i just have out dated wordlists.

for shell, well… this was pretty interesting and I was able to learn something new. I am not sure that I would have been abkle to find it on omy own, so thanks to those that helped.

to get user I knew what to do, but for some reason my tool wasnt working correctly or i dont know what, but I was able to get more help, but I had to show what I was doing and explain how i was going to accomplish the task that i needed to accomplish before moving on, so I wasnt just given the answer.

Root was simple. I got this in like 30 sec.

all in all, good box, but danm im out of practice!. back to the grind!