HTB - Analytics

A writeup for the machine Analytics on Hack The Box

https://app.hackthebox.com/machines/Analytics

Footprinting​

First, we can start with an nmap scan.

nmap -sS MACIHINE_IP

We find two open ports, one of which is a publicly accessible web server.

To access the web server, we need to update the /etc/hosts file with the machine IP.

echo "10.10.11.233 analytics.htb" >> /etc/hosts

The web server runs a simple website with a login page.

When we try to access the login page, we are redirected to a new subdomain data.analytics.htb.

After updating the hosts file again, we can access the login page.

The login page runs an instance of Metabase, an open source web analytics platform.

User flag​

Exploiting Metabase​