Official CozyHosting Discussion

Try to understand what is going on and what is the command that is executed on the backend.Then try to craft a payload for command injection

Still stuck at login page. Managed to enumerate into some useful information, but I am unsure how to sucessfully apply it. DM me if you’re willing to give hints.

Edit: forgot to say that if you do DM me, I’ll give you what I have so far.

I am also stuck on the login page, so many different scans have been run but I just can’t figure out what framework/system this is or find a useful way forward. Could use some hints for the initial part if anyone is able to DM me. I am still a “noob” as I started with HTB this week.

Finally got it, that initial shell was painful, after that it was fairly straightforward.

Foothold: a bit pain to get shell, start with simple enumeration, what you find will be the key to user. Read carefully.
User: Use your gained information to browse stuff. Don’t crack under pressure.
Root: The most basic thing you would do once you have shell. 5 minutes of googling and you are root

PM if you have questions

Hi, I need some help with the shell, please DM me some hints if u can:)

WARNING: Failed to daemonise. This is quite common and not fatal. ERROR: Can’t spawn shell
hi i keep getting this when i upload, can someone help pls

i have more stuck after get the session id. I don’t understand the hostname and username process. i need pdf step by step walkthrough like starting point labs. please anyone guide me for this machine. i have trying more than 5 days to solve this machine.

This was pretty hard for me as I am just starting to get back to doing this. To get get foot hold I got some help to point me into the right direction. I was able to poke and make it mad and based on what it said I was able to identify what it was using, but I didnt know about the extra thing until someone told me about it, and even then I wasnt able to find it even knowing what I was looking for. Maybe i just have out dated wordlists.

for shell, well… this was pretty interesting and I was able to learn something new. I am not sure that I would have been abkle to find it on omy own, so thanks to those that helped.

to get user I knew what to do, but for some reason my tool wasnt working correctly or i dont know what, but I was able to get more help, but I had to show what I was doing and explain how i was going to accomplish the task that i needed to accomplish before moving on, so I wasnt just given the answer.

Root was simple. I got this in like 30 sec.

all in all, good box, but danm im out of practice!. back to the grind!

Someone can help with reverse shell? I get a connection but when I try to run any command it dropps.

Nevermind, I managed to stabilize the shell

I successfully SSH into the host as ‘josh’ and managed to obtain the ‘user’ and ‘root’ text files. However, when submitting the answers, both are showing incorrect. I have tried resetting the machine and retrying after waiting for several days. Despite successfully obtaining the flag, it still displays as ‘incorrect.’ Please help me.

Could someone give me a hint for initial foothold. I found the login page and tried sql injection but that doesn’t seem to be working I tried sql map as well that also didn’t work.

Acquiring the first shell was beyond annoying, so I’m gonna write what I wish I had read before starting this one.

Starting out, try to enumerate using standard tools, but make sure to use different wordlists, seclist has some good ones.
Make sure you learn what the site is running in the back-end, look for hints like unique responses, error messages, anything that you can search online in order to enumerate what the website is using, google is your friend here, remember if you dont know what something is for, look it up.

Learning the system:
Getting the first shell is very boring, its impotant you learn how the server reacts to your input in order to get there, for this specific case, it is a very slow and meticulous process of manually changing your inputs and checking the reaction, what the app likes and dislikes, use burp for that.
Once you learn how the system works, its a matter of customizing your reverse shell to fit in with the apps command.

Privilege escalation:
Once in, just use what the box gives you, you won’t get very far by using standard real world PE enumeation.
When you get user, just do a basic checklist on any privilege escalation spreadsheet and get your root flag.

Please message me if you need help, don’t waste your time on this box, it’s not worth it, it’s very anti-climatic after the first shell.

all (4-6) sessions are UNAUTHORIZED, for over 24 hours.
then i switched to a different HTB VPN location, and it showed the right one…!

2hours later

1 Like

Alright, message me if you need any help

i have same problem, which server did u use?

US2 worked, EU did not

A nice machine. Thank you to the creator! :slight_smile:

FOOTHOLD : awfully complicated :sweat_smile:! Enum properly what you see. You know where’s the flaw but remember there are 2 variables. A special character used for separating commands.
USER : grab the 2 passwords. They say HTB is not about bruteforce but password is found in 15mn :upside_down_face:
ROOT : easy

1 Like

thank you very much…
this helped me a lot…
LOVE FROM INDIA & SAUDI :heart: :heart: :heart: