HackTheBox – Analytics
Analytics Initial access this machine have subdomain data.analytical.htb and using a Metabase version 0.46.x which vulnerable to CVE-2023-38646 attackhttps://secry.me/explore/news/metabase-rce-cve-2023-38646/ Using metasploit we can import this exploit/metabase_setup_token_rce.rb to metasploit and getting reverse shell Using python script https://github.com/robotmikhro/CVE-2023-38646 Escaping the docker in the environment we can see information about credential notice the META_USER and META_PASS we can […]
Capture The Flag 13 Feb 2024