Redis exploitation
Sometimes while pentesting, we may come across a Redis installation that was unintentionally left open to the public. On an unauthenticated Redis installation, the simplest thing to do is to write random files. In this recipe, we will see how to gain root access on Redis installations running without authentication.
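Seen from the defender's side, the condition described above (an instance reachable from outside the host with no authentication) can be checked in the server's configuration file. The following is an added example, not part of the original recipe: the sample configurations are constructed, the function names are hypothetical, and it assumes authentication is configured with requirepass rather than ACL users.

```python
import shlex

# Constructed sample configurations (not taken from the original page).
EXPOSED_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
requirepass "placeholder-long-random-secret"
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse(conf_text):
    """Return {directive: [argument lists]} for redis.conf-style text."""
    directives = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = shlex.split(line)  # handles quoted values
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives

def audit(conf_text):
    """Return a list of findings; an empty list means no check fired."""
    d = parse(conf_text)
    def last(key):  # the last occurrence of a directive wins
        return d[key][-1] if key in d else None
    findings = []
    bind = last("bind")
    # A leading '-' marks an address Redis may skip if unavailable.
    addrs = {a.lstrip("-") for a in bind} if bind else set()
    if not addrs:
        findings.append("bind: not set, Redis listens on all interfaces")
    elif addrs - LOOPBACK:
        findings.append("bind: non-loopback " + ", ".join(sorted(addrs - LOOPBACK)))
    pm = last("protected-mode")
    if pm and pm[0].lower() == "no":
        findings.append("protected-mode: disabled")
    pw = last("requirepass")
    if not pw or not pw[0]:
        findings.append("requirepass: no password set")
    return findings

def is_exposed(conf_text):
    """True when the instance is reachable off-host and has no password."""
    prefixes = {f.split(":")[0] for f in audit(conf_text)}
    return {"bind", "requirepass"} <= prefixes
```

Run audit() against the contents of the deployed redis.conf; any finding is worth reviewing, and is_exposed() flags the combination this recipe relies on.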
How to do it...
To learn how Redis is exploited, follow these steps:
- We first telnet to the server and check whether a successful connection is possible or not:
telnet x.x.x.x 6379
The following screenshot shows the output for the preceding command:
- We then terminate the telnet session. Next, we generate our SSH key using the following command:
ssh-keygen -t rsa -C [email protected]
- Then, we enter the file where we want to save it:
- Our key is generated; now we need to write it on the server:
- We need to install redis-cli for that; we can use the following command:
sudo apt-get install redis-tools
- Once it is installed, we go back to our generated key and...