Official CozyHosting Discussion

any hint for josh ,i try get postgres shell ,but it seem no effect,

did i need to crack the accout admin’s password for ssh ?

I can’t seem to get my head around an initial foothold. The login page doesn’t seem vulnerable to anything in the least, and honestly can’t find any other vectors (besides some weird /error page).

Any hint or nudge in the right direction is greatly appreciated

1 Like

Stuck on understanding how to move forward. I am sure of the vulnerability but am not getting responses. anyone available for a quick dm?

User is a bit tricky because you can be easily misled at the beginning but once you find the correct path you are good to go!

root is very straightforward!
DM if you need a hint to be pointed to the right direction.

root is simple, user is complicated by comparison

I got a shell, need help with user

need crack bro - -,use hashcat , no john

1 Like

Can you give me a hint on how to get psql creds?

For User:
Maybe you can try for something interesting
there is a common misconfig
For Root:
it’s a very straightforward !
Have Fun every body

1 Like

a large file is right there in front of you

1 Like

User is easy…root is super easy,
You only need a little Google search and everything there is pretty straightforward.

Ah, so many spoilers above, thread should be cleared up a bit, I’d say. Anyhow. Summarization:

Foothold: Just find out what happens, generate errors, look around, and try to enumerate. Research about what’s used and what misconfiguration can you found. This should yield sufficient info on how to move forward.
User: Once you’ve step your foot in, there look around. What is running? Hm, what is interesting? There is something left around. Find it. Look into. What can you find? And what can you do with that information? Then lateral movement is a breeze.
Root: Just your typical privesc, very easy, google, find what you need, and voila, it’s done.

Great easy box, straightforward, but still provides a good bit of challenge -especially- the foothold part to get yourself going. And that is pretty nice, solid box. Well done.

1 Like

Anyone able to give me a hint as to what to look for in this certain thing on the target machine? I have it moved onto my local machine and have opened it but everything inside I dont know what to be looking for?

Any help would be great thanks

Feel free to DM for hints


Rooted! Thanks to those who gave me pointers on the very first step - turned out I had already tried it, just incorrectly, always try twice! After that id say its a mix of just prodding and poking until you figure it out, then fairly straight forward stuff after that. As everyone else is saying, root is easy and, in comparison, user is quite hard.

DM me if you want any pointers

Dont mind giving people hints for this machine, was a tough user for me and needed some guidance.

Can you give me a hint for user? I am at admin panel now but am not getting anywhere.

Hello brother, any hint ?

Hi, any hint for this box?