Redlike (Redis Exploitation) — HacktivityCon 2021 CTF

Connect via ssh:

After uploading and running linpeas.sh with:

LinPea’s output let us know Redis is running.

I checked the Redis version with:

So we are running Redis 5.0.7, doing some research I found there was an RCE exploit for this version.

Since the target machine doesn’t have a C Compiler. I’ll have to do it locally from my machine. On my machine I’m going to fetch and setup all the exploit code to scp to the target.

Local my machine:

Exploit target machine:

After uploading the exploit code we can login back in with ssh and exploit the machine.

Got root and the flag on root’s home directory. Was a fun challenge!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store