HackTheBox - Analytics Writeup
Analytics is an easy Hack The Box Linux machine featuring exposed HTTP and SSH services. A Metabase instance vulnerable to CVE-2023-38646 allows pre-auth RCE and initial access inside a Docker container. Environment variables expose SSH credentials for the host. Privilege escalation is achieved by exploiting the GameOverlay kernel vulnerability for root access.
CVE-2023-38646 CVE-2023-2640 CVE-2023-32629 metabase metabase-v0.46.6 linpeas gameOverlay overlayfs ubuntu-22.04LTS-kernel-6.2.0-25-generic