Redeemer (Tier 0)

Description

  • Tier -> 0

  • Difficult -> Very Easy

  • OS -> Linux

  • Tags -> Redis / Vulnerability Assessment / Databases / Reconnaissance / Anonymous-Guest Access

https://app.hackthebox.com/starting-point?tier=0

Write-up

  • I started doing an initial port scan using Nmap

nmap -p- -Pn --min-rate 2000 10.129.136.187

  • With this and a little research, I answered the first questions

Answer: 6379

Answe: redis

Answer: In-memory Database

Answer: redis-cli

Answer: -h

Answer: info

  • Then I did an exhaustive scan to get more information about the service running on the found port

nmap -p6379 -sVC 10.129.136.187

  • With this and a little research, I answered the next questions

Answer: 5.0.7

Answer: select

  • I found a Redis database, so I tried to get access to the database using the redis-cli utility and it worked successfully. Then, To get information about the database, I used the internal info command and got information from some of the keys that were configured

redis-cli -h 10.129.136.187
This result is snippet

  • With this and a little research, I answered the next questions

Answer: 4

Answer: keys *

  • I selected the index of the database to work with it, in this case 0 because the database name was db0 and was the first listed. Then, I listed the keys using the keys and specifying to select all of them

  • I found an interesting entry named flag so I used the internal get command to retrieve its content and with this, I found the root flag

  • With this, I got the root flag and pwned the machine

Answer: 03e1d2b376c37ab3f5319922053953eb

PreviousDancing (Tier 0)NextExplosion (Tier 0)

Last updated