whatisgithub

What is cozyhosting_walkthrough?

themursalin/cozyhosting_walkthrough — explained in plain English

Analysis updated 2026-05-18

0Audience · developerComplexity · 3/5Setup · moderate

In one sentence

An educational writeup walking through a full penetration test of a deliberately vulnerable Spring Boot hosting application, from recon to root access.

Mindmap

mindmap
  root((CozyHosting Walkthrough))
    What it does
      Documents pentest
      Explains each step
      Shows root exploit chain
    Tech stack
      Spring Boot
      Java
      PostgreSQL
      hashcat
    Use cases
      Learn pentesting steps
      Study command injection
      Practice privilege escalation
    Audience
      Security learners
      CTF players

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Learn how Spring Boot Actuator endpoint exposure leads to session hijacking.

USE CASE 2

Study a real command injection and reverse shell attack chain step by step.

USE CASE 3

Practice cracking leaked password hashes with hashcat and rockyou.txt.

USE CASE 4

Understand how misconfigured sudo rules enable privilege escalation to root.

What is it built with?

Spring BootJavaPostgreSQLhashcat

How does it compare?

themursalin/cozyhosting_walkthrough0verflowme/alarm-clock0xhassaan/nn-from-scratch
Stars00
LanguageCSSPython
Last pushed2022-10-03
MaintenanceDormant
Setup difficultymoderateeasymoderate
Complexity3/52/54/5
Audiencedevelopervibe coderdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Best followed alongside a vulnerable lab environment matching the walkthrough's target.

So what is it?

CozyHosting_Walkthrough is an educational security assessment writeup documenting a step by step penetration test of a fictional hosting company's Spring Boot (Java) web application. It is classified as an educational walkthrough demonstrating real world attack techniques in a deliberately vulnerable environment, similar to the format used by hands on security training labs. The walkthrough covers a complete attack chain. First, port scanning identifies open services. The application is found to expose Spring Boot Actuator endpoints, operational debugging paths often left enabled by accident in production. The /actuator/sessions endpoint leaks active session identifiers and their associated usernames. Replacing the browser session cookie with a stolen ID takes over an authenticated user's session without a password, a session hijacking attack. From the admin dashboard, a form that runs SSH commands is found vulnerable to command injection: an attacker can append arbitrary shell commands to the username field. Space characters are filtered, but the walkthrough shows bypass techniques using shell features. A reverse shell is established this way, giving the attacker interactive access to the server. Inside the application, the JAR file (a packaged Java archive) contains a configuration file with PostgreSQL database credentials in plaintext. The database yields password hashes for two accounts. The admin hash is cracked using hashcat with the rockyou.txt wordlist. The cracked password also works for a local system user, enabling lateral movement. Finally, a misconfigured sudo rule lets that user run ssh as root, and the SSH ProxyCommand option is abused to spawn a root shell. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Explain how the Spring Boot Actuator /actuator/sessions leak works in this walkthrough.
Prompt 2
Walk me through the command injection bypass used against the SSH command form.
Prompt 3
Help me understand how the leaked PostgreSQL credentials led to cracking the admin password.
Prompt 4
Explain how the sudo and SSH ProxyCommand misconfiguration was abused to get a root shell.

Frequently asked questions

What is cozyhosting_walkthrough?

An educational writeup walking through a full penetration test of a deliberately vulnerable Spring Boot hosting application, from recon to root access.

How hard is cozyhosting_walkthrough to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is cozyhosting_walkthrough for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.