Starting with an Unauthenticated path-traversal in Grafana leads to SQLite db, revealing MySQL remote access & SSH creds. Registering a service via Consul API for root access using a leaked token obtained through an git commit.
Check detailed blog here.