CozyHosting — Credentials¶
| User | Password/Hash | Type | Source | Access Granted | Tested |
|---|---|---|---|---|---|
| kanderson | session: 99436176E7884B8F4A0B88D65FE52327 | Session token | /actuator/sessions | Web admin panel (/admin) | Yes ✓ |
| postgres | Vg&nvzAQ7XxR |
Cleartext | application.properties (JAR) | PostgreSQL DB | Yes ✓ |
| kanderson | $2a$10$E/Vcd9ecflmPudWeLSEIv.cvK6QjxjWlWXpij1NVNV3Mm6eH58zim |
bcrypt hash | PostgreSQL users table | TBD | Not cracked |
| admin (web) | manchesterunited |
Cracked (bcrypt) | john + rockyou.txt | Web admin login | Yes ✓ |
| josh (system) | manchesterunited |
Password reuse | admin hash → SSH | SSH as josh | Yes ✓ |
Notes¶
- JSESSIONID hijacked from exposed Spring Boot Actuator /sessions endpoint
- PostgreSQL creds found in extracted JAR (
application.properties) adminweb user hash cracked tomanchesterunited— no spaceadminis NOT a system user —joshis the only user in/home/- Password reuse: web admin password worked for josh via SSH
ssh admin@failed — noadminsystem account