
Overview

Redeemer

This is a lab that focuses on enumerating a Redis server and dumping its database. It’s rated very easy to exploit.

Redis is typically used to cache data that is frequently requested for quick retrieval, such as prices.

Skills Learned

  • Enumerating a Redis server

Open ports

I start with an nmap scan to enumerate open ports. We see that port 6379 is open.

Nmap Scan

Next, we need to install redis-cli in order to interact with the Redis server. The first option is perfect. We now have a connection.

Redis connected

Under info, the item of most interest to us is keyspace. It shows the number of keys and their expiration. Next, we select the database with index 0 using select 0.

Select Index 0
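
To make the keyspace section concrete, here is an added example (not part of the original write-up) that parses it out of an INFO reply and reports how many keys in each database have no expiry. The sample reply and the function names are constructed for illustration.

```python
# Added example: parse the "# Keyspace" section of a Redis INFO reply.
# SAMPLE_INFO is constructed for illustration, not captured from the lab.
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_mode:standalone\r\n"
    "\r\n"
    "# Keyspace\r\n"
    "db0:keys=4,expires=0,avg_ttl=0\r\n"
    "db3:keys=10,expires=7,avg_ttl=36000\r\n"
)


def parse_keyspace(info_text):
    """Return {db_index: {"keys": n, "expires": n, ...}} from INFO output."""
    databases = {}
    in_keyspace = False
    for raw in info_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # Section headers look like "# Keyspace"; track which one we are in.
            in_keyspace = line.lstrip("# ").lower() == "keyspace"
            continue
        if not in_keyspace or not line.startswith("db") or ":" not in line:
            continue
        name, _, stats = line.partition(":")
        if not name[2:].isdigit():
            continue
        fields = {}
        for pair in stats.split(","):
            key, sep, value = pair.partition("=")
            if sep and value.isdigit():
                fields[key] = int(value)
        databases[int(name[2:])] = fields
    return databases


def persistent_keys(databases):
    """Keys with no expiry per database: these stay readable until deleted."""
    return {
        index: stats.get("keys", 0) - stats.get("expires", 0)
        for index, stats in databases.items()
    }


if __name__ == "__main__":
    dbs = parse_keyspace(SAMPLE_INFO)
    for index, count in sorted(persistent_keys(dbs).items()):
        print(f"db{index}: {dbs[index]['keys']} keys, {count} without expiry")
```

A database that holds no keys does not appear in the keyspace section at all, so an empty result means there is nothing to select.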

Now we can use keys * to list the keys and get to retrieve the key values (flag).

Flag