Skip to main content
HashnodeEverythingCTF's

Command Palette

Search for a command to run...

HackTheBox Redeemer (Linux Room) — Full Walkthrough

Published
3 min read
A
Adham

This article focuses on identifying and exploiting a misconfigured Redis service using the Redeemer room on HackTheBox. It combines essential theory with hands-on enumeration to show how exposed Redis instances can leak sensitive data.

Task 1

Which TCP port is open on the machine?

Port 6379 is open on the machine.

nmap -sS 10.129.59.95

PORT     STATE SERVICE
6379/tcp open  redis

To gather more detailed information, I followed up with RustScan:

┌──(unknown㉿kali)-[~]
└─$ rustscan -a 10.129.59.95 -- -A 
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Open ports, closed hearts.

PORT     STATE SERVICE REASON         VERSION
6379/tcp open  redis   syn-ack ttl 63 Redis key-value store 5.0.7

Task 2

Which service is running on the open port?

The service running on port 6379 is Redis.

6379/tcp open redis Redis key-value store 5.0.7

Task 3

What type of database is Redis?

Redis is a NoSQL in-memory database. It stores data primarily in memory, making it extremely fast but potentially dangerous if exposed without proper security controls.

Task 4

Which command-line utility is used to interact with the Redis server?

The command-line utility used to interact with Redis is redis-cli.

Task 5

Which flag is used with redis-cli to specify the hostname?

The -h flag is used to specify the hostname.

redis-cli -h 10.129.59.95

Task 6

Which command is used to obtain information and statistics about the Redis server?

The info command is used to retrieve configuration details and statistics about the Redis server.

0.129.59.95:6379> info
# Server
redis_version:5.0.7
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:66bd629f924ac924
redis_mode:standalone
os:Linux 5.4.0-77-generic x86_64

Task 7

What version of Redis is running on the target machine?

The Redis server is running version 5.0.7.

redis_version:5.0.7

Task 8

Which command is used to select a database in Redis?

The select command is used to choose a database.

10.129.59.95:6379> select 0
OK
(2.35s)

Task 9

How many keys are present in database index 0?

There are 4 keys present in database 0.

10.129.59.95:6379> keys *
1) "temp"
2) "numb"
3) "flag"
4) "stor"

Task 10

Which command is used to list all keys in a Redis database?

The keys * command is used to list all keys in the selected database as shown above.

Submit Flag

After identifying the flag key, I retrieved its value using the get command.

10.129.59.95:6379> get flag
"03e1d2b376c37ab3f5319922053953eb"

This room demonstrates how an unauthenticated Redis service can expose sensitive information and highlights the risks of leaving internal services publicly accessible. Although it was an extremely easy room, this was my first encounter of redis so I learned something new along the way as well.

See you in the next one!

#redeemerhtb#cybersecurity#hackthebox#hackthebox-htb-pentest-pentester-pentesting-cybersecurity-cybersec-offensivesecurity-offsec-redteam-redteamer-redteaming-hack-hacker-hacking-ethicalhacking-ethicalhacker-informationsecurity-infosec#htb-writeup#walkthrough#redis

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

EverythingCTF's

8 posts