Hacking Note
  • 🧐Cyber Defenders
    • Flare-on 1
    • KrakenKeylogger
    • AzurePot
    • Sysinternals
    • BlackEnergy
    • Eli
    • MrGamer
    • GET PDF
  • 😎HackTheBox Machine
    • Surveillance
    • Monitored
    • Skyfall
    • WifineticTwo
    • Analytics
    • Lantern
  • 🙂TryHackMe Room
    • Squid Game
    • Stealth
  • 😐Some CTF Pentest Boxs
    • AKasec CTF 2024
      • AKasec CTF 2024 ( English Writeup )
  • Pwnable.VN
    • Mineme2
  • 👿Fortresses Hackthebox
    • Jet
Powered by GitBook
On this page
  1. HackTheBox Machine

Analytics

Analytics machines writeup

PreviousWifineticTwoNextLantern

Last updated 7 months ago

Enumeration :

Scanning ip

Okay maybe add to host might found something cool :

Found the login page :

Research in a while i found this reference vuln : https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/?source=post_page-----8cf81fa970ca--------------------------------

Now let try to exploit with metaploit framework :

let add target ip and my ip to attack :

Get the shell and checking env , i saw the user and password :

Success full get the user :

Walk around on user machine :

Script related to version to attack root : https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629/blob/main/exploit.sh?source=post_page-----8cf81fa970ca--------------------------------

Clean the directory if need and run the file , we can get the root :

Add ip to hosts

😎
👍
👍