https://blog.qife122.com/tags/cve-2024-9264/ Recent content in CVE-2024-9264 on 办公AI智能小助手 Hugo zh-cn qife Mon, 20 Oct 2025 16:34:24 +0800 https://blog.qife122.com/p/%E5%88%A9%E7%94%A8grafana%E6%BC%8F%E6%B4%9E%E5%AE%9E%E7%8E%B0%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8%E4%B8%8E%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/ Mon, 20 Oct 2025 16:34:24 +0800 https://blog.qife122.com/p/%E5%88%A9%E7%94%A8grafana%E6%BC%8F%E6%B4%9E%E5%AE%9E%E7%8E%B0%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8%E4%B8%8E%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/ <h1 id="htb-planning">HTB: Planning</h1> <h2 id="概述">概述</h2> <p>Planning靶机提供了一个存在CVE-2024-9264漏洞的Grafana实例，该漏洞是DuckDB中的SQL注入漏洞，可导致远程代码执行。通过利用此漏洞在Grafana容器中获得root shell，从环境变量中发现凭据，并使用这些凭据通过SSH横向移动到主机。在主机上发现Crontab UI实例，从备份cron任务中获取凭据，并利用它创建自己的root cron任务以获得执行权限。</p> https://blog.qife122.com/p/htb-planning%E9%9D%B6%E6%9C%BA%E6%B8%97%E9%80%8Fgrafana%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E4%B8%8E%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8/ Mon, 13 Oct 2025 15:54:08 +0800 https://blog.qife122.com/p/htb-planning%E9%9D%B6%E6%9C%BA%E6%B8%97%E9%80%8Fgrafana%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E4%B8%8E%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8/ <h1 id="htb-planning">HTB: Planning</h1> <h2 id="侦察">侦察</h2> <h3 id="初始扫描">初始扫描</h3> <p>Nmap扫描发现两个开放端口：SSH（22）和HTTP（80）：</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">oxdf@hacky$ nmap -p- --min-rate <span class="m">10000</span> 10.10.11.68 </span></span><span class="line"><span class="cl">PORT STATE SERVICE </span></span><span class="line"><span class="cl">22/tcp open ssh </span></span><span class="line"><span class="cl">80/tcp open http </span></span></code></pre></td></tr></table> </div> </div><p>根据OpenSSH和nginx版本，主机可能运行Ubuntu 24.04。网站重定向到planning.htb。</p>