Data
Now running decrypt.py:
Now we get a hash we can crack in hashcat.
When creating a Docker container if -h or -hostname is not specified then hostname is container name.
Last updated
Now running decrypt.py:
Now we get a hash we can crack in hashcat.
When creating a Docker container if -h or -hostname is not specified then hostname is container name.
Last updated
There is website running grafana at port 3000
Using an exploit available we can get the grafana.db file. We get the users
Cracking the hash we get cred: Now using ssh and logging in we have sudo privilege on docker exec: The /etc/passwd obtained from LFI is different than the one on this box so it might be a docker container.
So getting hostname from grafana machine using LFI: To get into container: