Read my writeup to Analytics on:
TL;DR
User: Identified the subdomain data.analytics.htb hosting Metabase. Exploited CVE-2023-38646 to acquire a reverse shell as the metabase user. Discovered the password of the metalytics user in the env.
Root: Leveraged the OS version to execute GameOver(lay) Ubuntu Privilege Escalation, resulting in obtaining a root shell.