Ambassador
Ambassador
Ambassador 499
Ambassador
RETIRED MACHINE

Ambassador

Ambassador - Linux Linux
Ambassador - Medium Medium

4.4

MACHINE RATING

6679

USER OWNS

5769

SYSTEM OWNS

01/10/2022

RELEASED
Created by DirectRoot

Machine Synopsis

Ambassador is a medium difficulty Linux machine addressing the issue of hard-coded plaintext credentials being left in old versions of code. Firstly, a `Grafana` CVE ( `CVE-2021-43798`) is used to read arbitrary files on the target. After researching how the service is commonly configured, credentials for the web portal are discovered in one of the default locations. Once logged in, further enumeration reveals another configuration file containing `MySQL` credentials, which are used to retrieve a password to a user account and gain a foothold on the machine. Lastly, a misconfigured `Consul` service is used to obtain escalated privileges, by retrieving an authentication token from a prior commit of a `Git` repository.

Machine Matrix

Ready to start your
hacking journey?