hacktricks/network-services-pentesting/pentesting-web/grafana.md

3.4 KiB

Grafana

HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

Interesting stuff

  • The file /etc/grafana/grafana.ini can contain sensitive information such as admin username and password.
  • Inside the platform you could invite people or generate API keys (might need to be admin)
  • You could check which plugins are installed (or even install new)
  • By default it uses SQLite3 database in /var/lib/grafana/grafana.db
    • select user,password,database from data_source;
HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥