$$ \text {An iCSI CTF (RED18)} $$

IP Address 172.25.200.200

Port: 9034

Want to run this Docker container locally?

docker run -d --restart always -p 9034:3000 --name flag-red18 joshbeck2024/ctf-grafana-postgres-sql-injection-flag-red18

Here we have a Grafana dashboard

What is Grafana?

• Grafana's dashboard is a visual tool for real-time data tracking and analysis. It offers customizable graphs, charts, and alerts.
• If Grafana uses Postgres as its data source, we could modify its SQL query submission process to enable code execution.

It’s easy to determine in the bottom left that this is Grafana v8.5.26, which is an older version.

Here we have a dashboard called ‘Stats.’

• Click to view the Stats dashboard.

Here is our dashboard filled with super cool looking data. (It’s all fake, but you can pull it up and look cool when people walk by if you like!)

Whenever Grafana displays a series of statistics or data points, we can check whether Postgres is the database in use.

Copy the full URL to this dashboard.