Q: What does the 3-letter acronym FTP stand for? A: File Transfer Protocol.
Doing a typical nmap scan wont result in seeing what port is open. Note the box note mentions redis which a quick google search will show that redis server runs on tcp port 6379.
We can also try using nmaps –top-ports flag to see if we can pick it up that way.
PORT STATE SERVICE VERSION 6379/tcp open redis Redis key-value store 5.0.7
Q: Which service is running on the port that is open on the machine? A: redis
Redis is a in memory data structure store that supports abstract data structures.
Q: What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database A: In-memory Databse
Q: Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments. A: redis-cli
Q: Which flag is used with the Redis command-line utility to specify the hostname? A: -h `
Q: Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server? A: info
redis-cli -h 10.129.60.214 10.129.60.214:6379> INFO # Server redis_version:5.0.7 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:66bd629f924ac924 redis_mode:standalone os:Linux 5.4.0-77-generic x86_64 arch_bits:64 multiplexing_api:epoll atomicvar_api:atomic-builtin gcc_version:9.3.0 process_id:755
Q: What is the version of the Redis server being used on the target machine? A: 5.0.7
Q: Which command is used to select the desired database in Redis?
Q: How many keys are present inside the database with index 0? A: 4
Q: Which command is used to obtain all the keys in a database? A: keys *
10.129.60.214:6379> keys * 1) "numb" 2) "temp" 3) "stor" 4) "flag" 10.129.60.214:6379>
Note that listing all the keys lists all the name of the different keys of the redis server. And lucky for us, the fourth one is conviently named flag!
using the command
DUMP flag will retrieve the contents and give us the key needed