💢Analytics
https://app.hackthebox.com/machines/Analytics
After some quick enumeration, we discover a web server → after a quick look around, we arrive at a login page:
a quick search reveals a RCE Pre auth with metabase: https://github.com/m3m0o/metabase-pre-auth-rce-poc
Let's look at the usage:
So we capture the request and change the get value in order to find the setup-token:
I tried triggering a whomai, but it is not intended to be used like that, more in an optic to do a reverse shell:
So I copy my ip address and then set up a listener:
Last updated