Fanatastic 🔹

Enumeration

We have a Prometheus + Grafana stack.

Initial Access

Searching for public exploits for this stack turns up a path traversal vulnerability in Grafana.

Through it we can read the Grafana database at /var/lib/grafana/grafana.db and get the data source credentials it stores.

The stored credentials are encrypted. Searching for a way to decrypt them, we find https://github.com/Sic4rio/Grafana-Decryptor-for-CVE-2021-43798

We log in over SSH with the recovered credentials.

Privilege Escalation

The user belongs to the disk group, which has access to the raw disk devices, so we can read root-owned files.

We can read root's private SSH key and use it to SSH to the host.
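
The check a defender would run for this finding, as an added example that is not part of the original write-up: it lists every non-root account that holds the disk group, whether as a supplementary group in /etc/group or as the primary GID in /etc/passwd. The sample file contents and the account names alice and svc_backup are constructed for illustration.

```python
# Added example: audit for accounts that gain raw-disk access via the disk group.
# Sample data below is constructed; account names are hypothetical.

SAMPLE_GROUP = """\
root:x:0:
disk:x:6:alice
sudo:x:27:
grafana:x:113:
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
svc_backup:x:1002:6::/home/svc_backup:/usr/sbin/nologin
grafana:x:113:113::/usr/share/grafana:/bin/false
"""

NO_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def disk_group_accounts(group_text, passwd_text, group_name="disk"):
    """Return non-root accounts in group_name, via primary or supplementary membership."""
    gid, listed = None, set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] == group_name:
            gid = fields[2]
            listed = {m for m in fields[3].split(",") if m}
    if gid is None:
        return []
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[2] == "0":
            continue  # malformed entry, or UID 0 which needs no group to read the disk
        name, primary_gid, shell = fields[0], fields[3], fields[6]
        via = [how for how, hit in (("supplementary", name in listed),
                                    ("primary", primary_gid == gid)) if hit]
        if via:
            findings.append({"user": name, "via": via,
                             "interactive": shell not in NO_LOGIN_SHELLS})
    return sorted(findings, key=lambda f: f["user"])


if __name__ == "__main__":
    # Local files only; accounts served by LDAP/SSSD are not covered here.
    with open("/etc/group") as g, open("/etc/passwd") as p:
        for finding in disk_group_accounts(g.read(), p.read()):
            print(finding)
```

Any account it reports should be treated as root-equivalent for reads and removed from the group unless it truly needs raw device access.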

Post Exploitation

Get the flags.