gitwtfhub

wtf is cozyhosting_walkthrough?

themursalin/cozyhosting_walkthrough — explained in plain English

Analysis updated 2026-05-18

0Audience · developerComplexity · 3/5Setup · moderate

TL;DR

An educational writeup walking through a full penetration test of a deliberately vulnerable Spring Boot hosting application, from recon to root access.

Mindmap

mindmap
  root((CozyHosting Walkthrough))
    What it does
      Documents pentest
      Explains each step
      Shows root exploit chain
    Tech stack
      Spring Boot
      Java
      PostgreSQL
      hashcat
    Use cases
      Learn pentesting steps
      Study command injection
      Practice privilege escalation
    Audience
      Security learners
      CTF players

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Learn how Spring Boot Actuator endpoint exposure leads to session hijacking.

REASON 2

Study a real command injection and reverse shell attack chain step by step.

REASON 3

Practice cracking leaked password hashes with hashcat and rockyou.txt.

REASON 4

Understand how misconfigured sudo rules enable privilege escalation to root.

What's in the stack?

Spring BootJavaPostgreSQLhashcat

How it stacks up

themursalin/cozyhosting_walkthrough0verflowme/alarm-clock0xhassaan/nn-from-scratch
Stars00
LanguageCSSPython
Last pushed2022-10-03
MaintenanceDormant
Setup difficultymoderateeasymoderate
Complexity3/52/54/5
Audiencedevelopervibe coderdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 1h+

Best followed alongside a vulnerable lab environment matching the walkthrough's target.

Wtf does this do

CozyHosting_Walkthrough is an educational security assessment writeup documenting a step by step penetration test of a fictional hosting company's Spring Boot (Java) web application. It is classified as an educational walkthrough demonstrating real world attack techniques in a deliberately vulnerable environment, similar to the format used by hands on security training labs. The walkthrough covers a complete attack chain. First, port scanning identifies open services. The application is found to expose Spring Boot Actuator endpoints, operational debugging paths often left enabled by accident in production. The /actuator/sessions endpoint leaks active session identifiers and their associated usernames. Replacing the browser session cookie with a stolen ID takes over an authenticated user's session without a password, a session hijacking attack. From the admin dashboard, a form that runs SSH commands is found vulnerable to command injection: an attacker can append arbitrary shell commands to the username field. Space characters are filtered, but the walkthrough shows bypass techniques using shell features. A reverse shell is established this way, giving the attacker interactive access to the server. Inside the application, the JAR file (a packaged Java archive) contains a configuration file with PostgreSQL database credentials in plaintext. The database yields password hashes for two accounts. The admin hash is cracked using hashcat with the rockyou.txt wordlist. The cracked password also works for a local system user, enabling lateral movement. Finally, a misconfigured sudo rule lets that user run ssh as root, and the SSH ProxyCommand option is abused to spawn a root shell. The full README is longer than what was shown.

Yoink these prompts

Prompt 1
Explain how the Spring Boot Actuator /actuator/sessions leak works in this walkthrough.
Prompt 2
Walk me through the command injection bypass used against the SSH command form.
Prompt 3
Help me understand how the leaked PostgreSQL credentials led to cracking the admin password.
Prompt 4
Explain how the sudo and SSH ProxyCommand misconfiguration was abused to get a root shell.

Frequently asked questions

wtf is cozyhosting_walkthrough?

An educational writeup walking through a full penetration test of a deliberately vulnerable Spring Boot hosting application, from recon to root access.

How hard is cozyhosting_walkthrough to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is cozyhosting_walkthrough for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.