From 167b0637b77b1d65a1ef67ab48263d7898fe439b Mon Sep 17 00:00:00 2001 From: carlospolop Date: Mon, 29 Sep 2025 13:15:30 +0200 Subject: [PATCH] f --- .../pentesting-web/grafana.md | 25 ------------------- 1 file changed, 25 deletions(-) diff --git a/src/network-services-pentesting/pentesting-web/grafana.md b/src/network-services-pentesting/pentesting-web/grafana.md index 8a0a8f54b..da48211b9 100644 --- a/src/network-services-pentesting/pentesting-web/grafana.md +++ b/src/network-services-pentesting/pentesting-web/grafana.md 
@@ -64,31 +64,6 @@ python3 CVE-2024-9264.py -u -p \ ``` If output shows `uid=0(root)`, Grafana is running as root (common inside some containers). -Post-exploitation notes -- Harvest environment secrets from the spawned process (`env` or `/proc//environ`). Grafana commonly exposes variables like: - - `GF_SECURITY_ADMIN_USER`, `GF_SECURITY_ADMIN_PASSWORD` - - These may be reused in other places (e.g., SSH, basic-auth on internal tools). See Linux post-exploitation tips below. -- Container indicators: `/.dockerenv`, short hex hostname, Docker bridge IP in `/proc/net/fib_trie`. -- Local port-only panels: Pivot with SSH local port forwarding: `ssh -L 9001:localhost: user@host` and browse `http://localhost:9001` from your box. - -Detection & hardening -- Disable SQL Expressions if not needed: `expressions.enabled = false` (ini or via provisioning) -- Remove or restrict DuckDB availability on the server PATH if SQL Expressions are enabled -- Restrict extension loading in DuckDB if applicable; monitor for `INSTALL shellfs` or unexpected use of `read_csv('...|')` -- Upgrade Grafana to a fixed version (see the official advisory linked below) and review all users with VIEWER+ access -- Monitor admin API usage and unusual SQL Expression panels/queries - -See also -- For loopback-only panel access: SSH port-forwarding notes in Tunneling and SSH pages -- For environment secret harvesting and systemd environment vars: Linux Post-Exploitation page - -{{#ref}} -../../generic-hacking/tunneling-and-port-forwarding.md -{{#endref}} - -{{#ref}} -../../linux-hardening/linux-post-exploitation/README.md -{{#endref}} ## References
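Review bot: The commit message ("f") gives no reason for dropping the "Detection & hardening" block, and after this hunk the page goes straight from the exploitation output check (`If output shows `uid=0(root)` ...`) to `## References` with no remediation guidance left at all. The removed lines `Disable SQL Expressions if not needed: `expressions.enabled = false``, `Remove or restrict DuckDB availability on the server PATH` and `Upgrade Grafana to a fixed version` are the actionable fixes for the CVE this section documents; if the intent is to move them elsewhere, reference the new location, otherwise consider keeping at least the upgrade and `expressions.enabled = false` items under a short hardening heading. The two deleted `{{#ref}}` blocks also remove the only links from this page to `tunneling-and-port-forwarding.md` and `linux-post-exploitation/README.md`; confirm nothing else on the page still says "see ... below" for the SSH port-forwarding or environment-secret harvesting tips, since the "See also" pointers to those pages are gone in the same hunk.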