Redeemer

Personal Rating: Very Easy

Enumeration

The first nmap scan was pretty straightforward:

sudo nmap -p- <IP>

PORT     STATE SERVICE VERSION
6379/tcp open  redis   Redis key-value store 5.0.7

Discovering Redis

A little research on Redis was necessary; then I installed redis-cli and got access to the database:

redis-cli -h <TARGETIP>
> INFO
> KEYS *
> GET flag

I could get access like that because anonymous login was allowed. As seen here, with some more research on how to navigate around Redis databases, I could find the flag. It is interesting to know that Redis is an in-memory database.

INFO can be used to check the version and how many keys there are in each database.

KEYS * can be used to show all keys by name.
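
On the server side, the anonymous access described above comes down to a few redis.conf directives (bind, protected-mode, requirepass). The Python check below is an added example, not part of the original writeup. It assumes Redis 5.x protected-mode semantics, and its function names and sample configurations are constructed for illustration.

```python
# Added example: flag redis.conf settings that allow unauthenticated remote clients.
import ipaddress

def parse_conf(text):
    """Return {directive: [args]}; a later line overrides an earlier one (simplification)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            conf[parts[0].lower()] = [p.strip("\"'") for p in parts[1:]]
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparsable value: treat it as a non-loopback address

def audit(text):
    """Return (anonymous_remote_access_possible, findings) for a redis.conf body."""
    conf = parse_conf(text)
    binds = conf.get("bind", [])  # no bind directive: Redis listens on all interfaces
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() == "yes"
    has_password = bool("".join(conf.get("requirepass", [])))
    remote_bind = any(not is_loopback(a) for a in binds)
    findings = []
    if not has_password:
        findings.append("requirepass is not set: clients are not authenticated")
    if remote_bind:
        findings.append("bind includes a non-loopback address: " + " ".join(binds))
    if not binds and not protected:
        findings.append("no bind directive and protected-mode is off")
    # Redis 5.x: protected mode refuses remote clients only when there is
    # no explicit bind and no password; an explicit bind switches it off.
    anonymous = not has_password and (remote_bind or (not binds and not protected))
    return anonymous, findings

# Constructed sample configurations (not taken from the target machine).
WEAK = "bind 0.0.0.0\nprotected-mode yes\nport 6379\n"
HARDENED = "bind 127.0.0.1\nprotected-mode yes\nrequirepass PLACEHOLDER-long-random-secret\n"

if __name__ == "__main__":
    for name, body in (("weak", WEAK), ("hardened", HARDENED)):
        exposed, notes = audit(body)
        print(name, "-> anonymous remote access possible:", exposed)
        for note in notes:
            print("   ", note)
```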
