A detailed walkthrough of exploiting the HTB Planning machine, featuring a vulnerable Grafana 11.0.0 instance affected by CVE-2024-9264. The guide covers enumeration with nmap and ffuf, exploiting the Grafana vulnerability for remote code execution, obtaining SSH access through discovered credentials, and achieving privilege escalation via a cron job management interface. The tutorial emphasizes explaining each command and technique for beginners learning penetration testing.
Table of contents
Enumeration
Grafana security release: Critical severity fix for CVE-2024-9264 | Grafana Labs
GitHub - nollium/CVE-2024-9264: Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)
Foothold
HTB Cicada Machine Walkthrough | Easy HackTheBox Guide for Beginners
Privilege escalation
Closing
The Why
WriteUps
HTB Vintage Machine Walkthrough | Easy HackTheBox Guide for Beginners
HTB Cap Machine Walkthrough | Easy HackTheBox Guide for Beginners
HTB Escape Machine Walkthrough | Easy HackTheBox Guide for Beginners