Akil Hylton El

Sep 19, 2021

2 min read

Redlike (Redis Exploitation) — HacktivityCon 2021 CTF

Connect via ssh:

After uploading and running linpeas.sh with:

LinPea’s output let us know Redis is running.

I checked the Redis version with:

So we are running Redis 5.0.7, doing some research I found there was an RCE exploit for this version.

Since the target machine doesn’t have a C Compiler. I’ll have to do it locally from my machine. On my machine I’m going to fetch and setup all the exploit code to scp to the target.

Local my machine:

Exploit target machine:

After uploading the exploit code we can login back in with ssh and exploit the machine.

Got root and the flag on root’s home directory. Was a fun challenge!

Hacktivitycon
Ctf
Ctf Writeup
Redis

--

--

More from Akil Hylton El

Ethical Hacker

Recommended from Medium

Cyver

in

Cyver Core

Whitepaper — What is the ROI of a Pentest-as-a-Service Platform

Avis Vincelette

{UPDATE} Fire Team Hack Free Resources Generator

DocTooLs

What is a Ransomware attack or Hijack attack?

Daniel Farber Huang

in

Paradigm Crunch

CyberScam-du-Jour: Chinese Con Men Pose as Police and DHL to Empty Victim’s Investment Portfolios

Photo of a Chinese police car, handcuffs, and DHL logo.
Paul M. Geoffrion

in

Cloud Conformity

How to Achieve Continuous AWS & NIST Compliance

Psyber-X Play 2 Earn First Person Shooter

Gif Contest to win Rare NFT & 100,000 LVL Token & Weekly Community Battle Royal

Mohamed Thasneem

Secure digest functions

Chuxiaolian

in

Coinmonks

Earned the first $6,400 on the airdrop, how to catch the opportunity?

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akil Hylton El

Akil Hylton El

55 Followers

Ethical Hacker

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech