This is a walkthrough of the Hack The Box machine called “Data”. It features the exploitation of grafana using directory traversal, password cracking, and privesc by exploiting docker due to dangerous sudo “no password” misconfiguration. I learned a lot tackling this one. ***SPOILERS*** I show you how to pwn the box, so if you don’t want help with it do not watch this video. Hope this helps someone and I hope you enjoy.
NOTE: When I ran “lsblk” I did it on my machine instead of target luckily sda1 was still the right drive to mount, that was a “doh” moment on my part.
