Ambassador write-up by elf1337

Starting with an Unauthenticated path-traversal in Grafana leads to SQLite db, revealing MySQL remote access & SSH creds. Registering a service via Consul API for root access using a leaked token obtained through an git commit.

Check detailed blog here.