Redeemer

1020KB

Redeemer_Write_Up.pdf

pdf

Task 1: Which TCP port is open on the machine?

• I Performed a nmap scan of all ports to see what was open:

nmap -p- [IP]

• Port 6379 was open.

Task 2: Which service is running on the port that is open on the machine?

• I performed a nmap version scan of the open port:

nmap -sV -p 6379 [IP]

• The service running on the open port is redis.

Task 3: What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database

• A quick google search revealed that it is an in-memory database

Task 4: Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.

• A google search revealed that redis-cli is used

Task 5: Which flag is used with the Redis command-line utility to specify the hostname?

• I ran the following to see what options were available with the command:

redis-cli -h

• This came up with a list of options including -h for the hostname

Task 6: Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?

• I tried at first to run the help command while in redis but it does not list out all of the commands.

• The next step was to google for the answer where I discovered that the "info" command displays the answer.

10.129.33.96:6379> help info

  INFO [section [section ...]]
  summary: Get information and statistics about the server
  since: 1.0.0
  group: server

Task 7: What is the version of the Redis server being used on the target machine?

• This one was weird. When running the help command while in redis-cli, it states the version is 7.0.7 however this answer was wrong when inputted into the answer box.

• I went back and checked the version from the nmap scan and it states the version is 5.0.7, which is the correct answer.

• Running the INFO command in redis-cli also says a version of 5.0.7.

Task 8: Which command is used to select the desired database in Redis?

• A quick google search tells us the command is SELECT.

Task 9: How many keys are present inside the database with index 0?

• Running the INFO command and looking at the very bottom of the output under the "# Keyspace" section shows an output as follows:

# Keyspace
db0:keys=4,expires=0,avg_ttl=0
10.129.33.96:6379> info 0
10.129.33.96:6379> help inf

• The number of keys is 4.

Task 10: Which command is used to obtain all the keys in a database?

• I did a chatgpt search and asked. The command is "KEYS *". Normally you would use a pattern at the end of KEYS but the * will search for everything.

Submit the root flag:

• Now that I know what keys are available, I can use the GET command to obtain the key. The syntax would follow:

get flag

• This returns: 03e1d2b376c37ab3f5319922053953eb