What is Redis?
Redis is an open source, in-memory data structure store used as a database. By default, Redis uses a plain-text protocol, but SSL/TLS can be enabled.
Default port: 6379
Enumeration Steps
- [ ] Check whether you can authenticate to Redis without credentials using the redis-cli tool
- [ ] If you get the authentication error "NOAUTH Authentication required.", the server requires credentials. Enumerate other ports for credentials and try again.
- [ ] Brute-force (last resort)
Attack Vectors
- [ ] Webshell
- [ ] SSH authorized_keys file: if you have found a valid user and have write permissions, add your public key to that user's authorized_keys file
Known Vulnerabilities - Exploit-db
- Use the Metasploit exploit module:
linux/redis/redis_replication_cmd_exec
- The exploit works with Redis 4.x and 5.x
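
Every item above depends on the same server-side conditions: no password, a network-reachable listener, and the CONFIG and replication commands left enabled. The following is an added example, not part of the original page, that audits the text of a redis.conf for those conditions. The finding names and both sample configurations are constructed for illustration, and it assumes authentication is set with `requirepass` rather than an ACL file.

```python
import ipaddress

# Commands the vectors above depend on: CONFIG (redirects the dump file for the
# webshell / authorized_keys writes), SLAVEOF/REPLICAOF and MODULE (replication).
RISKY_COMMANDS = ("CONFIG", "SLAVEOF", "REPLICAOF", "MODULE")

def _is_loopback(addr):
    # Redis 6.2+ allows a leading "-" on bind addresses; "*" is not an IP.
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False

def audit_redis_conf(text):
    """Return a sorted list of findings for the contents of a redis.conf."""
    directives, renamed = {}, set()
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "rename-command" and args:
            renamed.add(args[0].upper())  # renamed or disabled ("")
        else:
            directives[key] = args
    findings = []
    password = directives.get("requirepass") or []
    if not password or password[0] in ('""', "''"):
        findings.append("no-auth")  # clients are never sent NOAUTH
    mode = directives.get("protected-mode") or ["yes"]  # default is yes
    if mode[0].lower() == "no":
        findings.append("protected-mode-off")
    binds = directives.get("bind") or []
    if not binds or not all(_is_loopback(a) for a in binds):
        findings.append("exposed-bind")  # no bind line means all interfaces
    findings += [f"command-enabled:{c}" for c in RISKY_COMMANDS if c not in renamed]
    return sorted(findings)

# Constructed sample configurations (not taken from any real host).
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
requirepass CONSTRUCTED-PLACEHOLDER-SECRET
rename-command CONFIG ""
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
"""

if __name__ == "__main__":
    print("weak:", audit_redis_conf(WEAK_CONF))
    print("hardened:", audit_redis_conf(HARDENED_CONF))
```

An `exposed-bind` finding only means the listener is not limited to loopback; whether port 6379 is actually reachable still depends on host and network firewalls.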