Data
Data
Data 673
Data
RETIRED MACHINE

Data

Data - Linux Linux
Data - Easy Easy

4.9

MACHINE RATING

411

USER OWNS

391

SYSTEM OWNS

01/07/2025

RELEASED
Created by xct

Machine Synopsis

Data is an Easy Linux machine that involves exploiting `[CVE-2021-43798](https://nvd.nist.gov/vuln/detail/CVE-2021-43798)`, an arbitrary file read via path traversal in `Grafana`. By exploiting this vulnerability, the database file for Grafana is extracted, and the hashes in the database are converted to a format readable by `Hashcat`. The hash is then cracked and can be used for SSH access to the target as user `boris`. The compromised user has the privileges to execute `docker exec` as root on the system, allowing the user to escalate and obtain root access by adding the privileged flag to running containers and mounting the host filesystem.

Machine Matrix

Ready to start your
hacking journey?