# Analytics

## 1. nmap scan

![image](https://hackmd.io/_uploads/HkvAssvVp.png)

```
sudo vim /etc/hosts
```

The login page does not work; edit /etc/hosts again and add data.analytical.htb.

![image](https://hackmd.io/_uploads/rJeKTiwNa.png)

A Google search for "Sign in to Metabase cve" turns up an RCE in Metabase (CVE-2023-38646).

## 2. Update metasploit

```
sudo su
apt update; apt install metasploit-framework
```

search metabase and use it

![image](https://hackmd.io/_uploads/B1fnyhvNp.png)

![image](https://hackmd.io/_uploads/SyBqgnDNa.png)

Found:

```
META_PASS=An4lytics_ds20223#
META_USER=metalytics
```

## 3. ssh login

![image](https://hackmd.io/_uploads/B1g1fnv4a.png)

cat user.txt

![image](https://hackmd.io/_uploads/r1M-MhPE6.png)

## 4. Privilege escalation

```
uname -a
```

A Google search for "25~22.04.2-Ubuntu cve" turns up CVE-2023-2640 & CVE-2023-32629.

![image](https://hackmd.io/_uploads/ByWxBhwNp.png)

```
nano expc.sh
cat expc.sh
chmod 777 expc.sh
./expc.sh
```

![image](https://hackmd.io/_uploads/SyoyU2wN6.png)

cat root.txt (flag2)
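
The credentials found in step 2 are followed by an SSH login in step 3. Seen from the defender's side, the check below audits a process environment (the NUL-separated layout of /proc/<pid>/environ) for secret-like variables and for user variables that name a local login account. It is an added example, not part of the original writeup; it assumes the credentials were exposed as environment variables, and the function names, name patterns and sample data are constructed for illustration.

```python
import re

# Name patterns are illustrative assumptions, not an exhaustive list.
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|API_?KEY", re.I)
USER_NAME = re.compile(r"(USER|USERNAME|LOGIN)$", re.I)
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE layout of /proc/<pid>/environ."""
    env = {}
    for item in raw.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def login_accounts(passwd_text: str) -> set:
    """Names in passwd(5)-format text whose shell permits interactive login."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            names.add(fields[0])
    return names

def audit(raw_environ: bytes, passwd_text: str) -> list:
    """Return (finding, variable) pairs; values are never echoed back."""
    env = parse_environ(raw_environ)
    accounts = login_accounts(passwd_text)
    findings = []
    for name in sorted(env):
        if SECRET_NAME.search(name) and env[name]:
            findings.append(("secret-in-env", name))
        if USER_NAME.search(name) and env[name] in accounts:
            findings.append(("env-user-is-login-account", name))
    return findings

# Constructed sample input: variable names follow the writeup, values are placeholders.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LANG=C\0META_USER=metalytics\0META_PASS=placeholder\0"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "metalytics:x:1000:1000::/home/metalytics:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)

if __name__ == "__main__":
    for finding, variable in audit(SAMPLE_ENVIRON, SAMPLE_PASSWD):
        print(f"{finding}: {variable}")
```

On a real host, feed `audit` the bytes of `/proc/<pid>/environ` for the service process and the text of `/etc/passwd`; both findings together mean a service compromise can hand over a working login.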