Hack The Box: REDEEMER Writeup

Abdullah Hamza
4 min read · Oct 23, 2024


The REDEEMER machine is the fourth challenge in Tier 0 of Hack The Box’s Starting Point series.

To get started with the REDEEMER machine on Hack The Box, you just need to hit the “Spawn Machine” button. This will boot up the target system.

Start Machine

Once the target machine is up and running, the next step is to ensure we have a working connection to it. We can do this by pinging the target IP from our attack machine. This simple check confirms whether our machine can communicate with the target. In my case the ping is successful, so the connection is established.

Checking Connection

Let’s begin with an Nmap scan. Use the following command to scan the target IP address.

nmap -sV -sC -A 10.129.77.246
  • -sV option enables version detection to determine the version of the services running on open ports.
  • -sC flag tells Nmap to run a set of default scripts during the scan.
  • -A option enables OS detection, version detection, script scanning, and traceroute all at once.
  • 10.129.77.246 is our target IP address.
nmap scan results

By default, Nmap scans only the first 1,000 ports, which may limit the information we can gather. To enhance our results, let’s extend the scan to include the first 10,000 ports to see if we can uncover anything useful.

nmap -sS -p 1-10000 -sV -v 10.129.77.246 
  • -sS option specifies a TCP SYN scan, also known as a “stealth” scan. It sends SYN packets to the target ports and analyzes the responses to determine whether the ports are open, closed, or filtered.
  • -p 1-10000 parameter tells Nmap to scan ports 1 through 10,000.
  • -sV option enables version detection, allowing Nmap to identify the versions of the services running on the open ports.
  • -v flag increases the verbosity of the output, providing more detailed information about the scanning process and its findings.
nmap scan results

The Nmap scan results indicate that the target machine is running a Redis database on port 6379. To connect to it, we can use the following command:

redis-cli -h 10.129.223.137
Connected to redis

We’ve successfully connected to the Redis database without needing a password. Now, let’s use the INFO command in redis-cli to retrieve detailed information about the database.

Getting info about database

If we scroll down to the end we can see that we have a database db0 with 4 keys, none of which are set to expire.

Redis database status
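The passwordless connection above is possible because of a small number of redis.conf settings on the server. The following is an added example, not part of the original writeup: a short audit that flags those settings in a configuration file. The two sample configs are constructed for illustration, and the check covers only the `bind`, `protected-mode` and `requirepass` directives (it does not evaluate ACL users).

```python
import ipaddress

# Constructed sample configs (not taken from the target in this writeup).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
"""

def parse_conf(text):
    """Return {directive: [args]} keeping the last occurrence of each directive."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = [a.strip('"') for a in args]
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" or a hostname: treat as reachable from the network
        return False

def audit(text):
    """List the settings that permit a remote, passwordless redis-cli session."""
    conf = parse_conf(text)
    findings = []
    # No bind directive means all interfaces; a leading '-' only means
    # "skip this address if it is unavailable", so strip it before checking.
    binds = [b.lstrip("-") for b in conf.get("bind") or ["*"]]
    exposed = [b for b in binds if not is_loopback(b)]
    if exposed:
        findings.append("bind exposes: " + ", ".join(exposed))
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode is disabled")
    if not (conf.get("requirepass") or [""])[0]:
        findings.append("requirepass is not set")
    return findings

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(sample) or "no findings")
```

An empty findings list means none of the three settings leaves the instance open to an unauthenticated remote client.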

To use the Redis database, we can select database 0 by executing the command SELECT 0. Once we have selected the database, we can use the KEYS * command to list all the keys stored in it, allowing us to explore the contents further.

checking keys in database

We can see that the flag key is present in the database. To retrieve its content, we can use the get flag command, and BOOM!! We have our flag.

capturing flag

Submit the captured flag and answer the questions on the box page. Since the questions are straightforward and we’ve already covered everything in the steps above, there’s no need to provide detailed responses here. Simply refer back to our earlier findings to complete the challenge successfully.

Answered questions on box page

CONGRATULATIONS!!! The Redeemer box is completed!

This walkthrough finishes here. Stay tuned for the next adventure! 🚀😊
