HacktheBox "machine" Redeemer

Description

In this lab, we explore Redis, a high-performance in-memory database, typically used for caching frequently requested data. The lab focuses on remotely enumerating a Redis server, interacting with it via the redis-cli command-line utility, and dumping its key-value database to retrieve a flag. You will learn how Redis stores data in RAM for rapid retrieval and how to exploit insecure Redis configurations for enumeration and extraction of sensitive data. Key topics include using common Redis commands to list, retrieve, and manipulate data within the Redis store.

Enumeration

To check the connectivity and availability of a target machine, we can use the ping command followed by the target's IP address. After receiving two successful replies, we can stop the command, as this indicates satisfactory connection quality. Often, a brief overview of the results is more efficient than running commands for extended periods.

Ananlysis

Step:-1 The command is uses an Nmap command, which is used for network discovery and security auditing.

• sudo: This runs the command with elevated privileges, which is necessary because Nmap requires root access to perform some types of scanning, such as OS detection and service enumeration.
• nmap: This is the command-line tool used for network scanning.
• -sV: This option performs version detection.
• -p-: The -p option in various command-line utilities can have different meanings based on the context and the command being used.

sudo nmap -sV -p- 10.129.76.101        

Step:-2 To install Redis tools, including the redis-cli utility, you can use the following command depending on your operating system.

sudo apt install redis-tools        

Step:-3 The redis-cli -h command is used to specify the hostname of the Redis server you want to connect to.

redis-cli -h 10.129.76.101        

Step:-4

• Let us select this Redis logical database by using the select command followed by the index number of the database that needs to be selected :

Select 0

• Furthermore, we can list all the keys present in the database using the command :

Key *

Finally, the flags have been identified

Task 1

Which TCP port is open on the machine?

6379

Task 2

Which service is running on the port that is open on the machine?

redis

Task 3

What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database

In-memory Database

Task 4

Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.

redis-cli

Task 5

Which flag is used with the Redis command-line utility to specify the hostname?

-H

Task 6

Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?

info

Task 7

What is the version of the Redis server being used on the target machine?

5.0.7

Task 8

Which command is used to select the desired database in Redis?

select

Task 9

How many keys are present inside the database with index 0?

4

Task 10

Which command is used to obtain all the keys in a database?

keys *

Submit Flag

Submit root flag

03e1d2b376c37ab3f5319922053953eb

Thanks for Visiting