Introduction
This is a basic box that mainly has us interact with a Redis database. We use basic enumeration tools such as nmap to find the only open port hosting the Redis service. We then use redis-cli to connect to the database and find a key containing the contents of the flag.
Enumeration
After starting up the machine, the first thing we do is ping the target to make sure it's alive:
Since we are getting a response, the target can be confirmed as active.
Next, we are going to do an nmap scan (Network Mapper) to see what services are running on what ports on the target machine. I'm going to also use the -sV flag to see what versions the services are running on, as well as to get host OS information:
This didn't yield us any results. This time we're going to scan all ports using the -p- flag, while also speeding up the process with -T5...
After the scan was complete, it yielded no results. I then issued another ping command to the target to ensure it was still alive, however, it was not.
After resetting the machine, I tried out the original nmap scan again with the -p- flag:
P.S.
Sometimes this machine can be extremely buggy or slow. So if nmap scans are not yielding anything even when scanning over all ports with multiple techniques, then the machine probably needs maintenance. You can instead just scan for the needed port using the flag -p for port 6379.
Redis
Redis is an in-memory databases that utilizes RAM space to increase speed. They are faster than traditional databases since they have fewer restrictions imposed on them.
We can use the redis-cli command to interact with the Redis database being hosted on the target machine. To specify a target machine, we need to use the -h flag.
If the command redis-cli is not already installed on your computer, you can use the command sudo apt install redis-tools if you are on a Linux machine.
To list information about the Redis database, we can issue the info command:
... SNIPPED ...
We can see on the first few lines of the output that the version is currently 5.0.7. At the very end of the output (not shown in screenshot) we can see that there are 4 keys.
To obtain all the keys in the Redis database, we can use the command keys *:
To get the contents of the key, we simply need to use the command get with the name of the key:
The flag for this box has been captured!
Various Questions:
Which TCP port is open on the machine?
6379
Which service is running on the port that is open on the machine?
redis
What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database
In-memory Database
Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.
redis-cli
Which flag is used with the Redis command-line utility to specify the hostname?
-h
Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?
info
What is the version of the Redis server being used on the target machine?
5.0.7
Which command is used to select the desired database in Redis?
select
How many keys are present inside the database with index 0?
4
Which command is used to obtain all the keys in a database?
keys *
Submit root flag
Try it yourself :)
Top comments (0)