DEV Community

Cover image for Redeemer | HackTheBox Write-up
shiahalan
shiahalan

Posted on • Updated on

Redeemer | HackTheBox Write-up

Introduction

This is a basic box that mainly has us interact with a Redis database. We use basic enumeration tools such as nmap to find the only open port hosting the Redis service. We then use redis-cli to connect to the database and find a key containing the contents of the flag.

Enumeration

After starting up the machine, the first thing we do is ping the target to make sure it's alive:

Image description

Since we are getting a response, the target can be confirmed as active.

Next, we are going to do an nmap scan (Network Mapper) to see what services are running on what ports on the target machine. I'm going to also use the -sV flag to see what versions the services are running on, as well as to get host OS information:

Image description

This didn't yield us any results. This time we're going to scan all ports using the -p- flag, while also speeding up the process with -T5...

After the scan was complete, it yielded no results. I then issued another ping command to the target to ensure it was still alive, however, it was not.

After resetting the machine, I tried out the original nmap scan again with the -p- flag:

Image description

P.S.
Sometimes this machine can be extremely buggy or slow. So if nmap scans are not yielding anything even when scanning over all ports with multiple techniques, then the machine probably needs maintenance. You can instead just scan for the needed port using the flag -p for port 6379.

Redis

Redis is an in-memory databases that utilizes RAM space to increase speed. They are faster than traditional databases since they have fewer restrictions imposed on them.

We can use the redis-cli command to interact with the Redis database being hosted on the target machine. To specify a target machine, we need to use the -h flag.

If the command redis-cli is not already installed on your computer, you can use the command sudo apt install redis-tools if you are on a Linux machine.

Image description

To list information about the Redis database, we can issue the info command:

Image description

... SNIPPED ...

We can see on the first few lines of the output that the version is currently 5.0.7. At the very end of the output (not shown in screenshot) we can see that there are 4 keys.

To obtain all the keys in the Redis database, we can use the command keys *:

Image description

To get the contents of the key, we simply need to use the command get with the name of the key:

Image description

The flag for this box has been captured!

Various Questions:

Which TCP port is open on the machine?
6379

Which service is running on the port that is open on the machine?
redis

What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database
In-memory Database

Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.
redis-cli

Which flag is used with the Redis command-line utility to specify the hostname?
-h

Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?
info

What is the version of the Redis server being used on the target machine?
5.0.7

Which command is used to select the desired database in Redis?
select

How many keys are present inside the database with index 0?
4

Which command is used to obtain all the keys in a database?
keys *

Submit root flag
Try it yourself :)

Top comments (0)