Skip to main content

Redeemer

  • Difficulty: Very easy

🔎 Solution

With the target IP provided, I ran a full-port fast service/version scan to find any listening services:

nmap -p- -sV --min-rate 5000 <IP-address>

-p- instructs Nmap to scan all 65,535 TCP ports, and --min-rate 5000 speeds the scan by sending 5000 packets per second, which significantly reduces total scan time for a full-port sweep.

> nmap -p- -sV --min-rate 5000 10.129.153.13

PORT     STATE SERVICE VERSION
6379/tcp open  redis   Redis key-value store 5.0.7

The scan revealed port 6379 open and serving Redis. Redis is an in-memory key-value database commonly used for caching, message brokering, and lightweight data storage; because it primarily keeps data in RAM, it offers very low-latency reads and writes.

To interact with the service I used the Redis CLI:

redis-cli -h <IP-address>

Once connected, INFO returns server metadata; here it confirms redis_version:5.0.7 and other runtime details:

10.129.153.13:6379> INFO
# Server
redis_version:5.0.7
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:66bd629f924ac924
redis_mode:standalone
os:Linux 5.4.0-77-generic x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:9.3.0
process_id:752
run_id:fd174c5a8079e12167063e9ccd8d51fc3f3beafd
tcp_port:6379
uptime_in_seconds:906
uptime_in_days:0
hz:10
configured_hz:10
lru_clock:15837599
executable:/usr/bin/redis-server
config_file:/etc/redis/redis.conf

To work with a specific logical database in Redis use SELECT <index>. I switched to database 0:

10.129.153.13:6379> SELECT 0
OK

Listing keys in the selected database with KEYS * returned four entries:

10.129.153.13:6379> KEYS *
1) "numb"
2) "temp"
3) "flag"
4) "stor"

I read the flag key with GET and retrieved the flag:

10.129.153.13:6379> GET flag
"03e1d2b376c37ab3f5319922053953eb"

Summary of the flow: perform a full-port fast scan to find services, identify Redis on 6379, connect with redis-cli, inspect server info, select the appropriate DB, enumerate keys, and retrieve the target value with GET.

✏️ Task answers

Task 1: Which TCP port is open on the machine?

6379

Task 2: Which service is running on the port that is open on the machine?

Redis

Task 3: What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database

In-memory Database

Task 4: Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.

redis-cli

Task 5: Which flag is used with the Redis command-line utility to specify the hostname?

-h

Task 6: Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?

INFO

Task 7: What is the version of the Redis server being used on the target machine?

5.0.7

Task 8: Which command is used to select the desired database in Redis?

SELECT

Task 9: How many keys are present inside the database with index 0?

4

Task 10: Which command is used to obtain all the keys in a database?

KEYS *

🚩Flag

03e1d2b376c37ab3f5319922053953eb