Analytics

Analytics machines writeup

Enumeration :

Scanning ip 👍

Okay maybe add to host might found something cool :

Add ip to hosts 👍

Found the login page :

Research in a while i found this reference vuln : https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/?source=post_page-----8cf81fa970ca--------------------------------

Now let try to exploit with metaploit framework :

let add target ip and my ip to attack :

Get the shell and checking env , i saw the user and password :

Success full get the user :

Walk around on user machine :

Script related to version to attack root : https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629/blob/main/exploit.sh?source=post_page-----8cf81fa970ca--------------------------------

Clean the directory if need and run the file , we can get the root :

PreviousWifineticTwoNextLantern

Last updated