Analytics starts with a webserver hosting an instance of Metabase. There’s a pre-auth RCE exploit that involves leaking a setup token and using it to start the server setup, injecting into the configuration to get code execution. Inside the Metabase container, I’ll find creds in environment variables, and use them to get access to the host. From there I’ll exploit the GameOver(lay) vulnerability to get a shell as root, and include a video explaining the exploit.

0xdf hacks stuff

This post covers the HTB Analytics box, including the initial webserver hosting Metabase and the pre-auth RCE exploit to get code execution. It also explores the GameOver(lay) vulnerability used to escalate privileges to root. The post provides detailed steps and tackles the box's enumeration and enumeration results.

HTB: Analytics