Tier 0: Redeemer - HackTheBox Starting Point - Full Walkthrough

Introduction

This tutorial provides a comprehensive walkthrough of the "Redeemer" machine from the HackTheBox Starting Point track. It is designed for beginners looking to understand the basics of penetration testing, including enumeration, service discovery, and exploiting Redis databases. By following this guide, you will gain foundational skills essential for ethical hacking.

Step 1: Enumerate Ports and Services

Start by identifying open ports and services running on the target machine. This gives insight into potential vulnerabilities.

1. Use Nmap for Scanning

   • Open your terminal.
   • Run the following command to scan the target machine:

     nmap -sV -p- [TARGET_IP]
     

   • Replace [TARGET_IP] with the IP address of the Redeemer machine.

2. Analyze the Output

   • Look for open ports, especially port 6379, which is used by Redis.
   • Take note of the services running on these ports, as they will guide your next steps.

Step 2: Understand Redis and Its Security

Before diving into exploitation, familiarize yourself with Redis and its common security issues.

1. Learn About Redis

   • Redis is a remote dictionary server used for caching and storing data.
   • Understand that it can be vulnerable if not secured properly.

2. Review Security Practices

   • Check the Redis Security Documentation for best practices.
   • Common vulnerabilities include:
     • Default configurations allowing unauthenticated access.
     • Sensitive data exposure.

Step 3: Utilize HackTricks for Pentesting Redis

Explore resources that provide insights into exploiting Redis specifically.

1. Consult HackTricks
   • Access the HackTricks guide on Pentesting Redis.
   • This guide outlines various attack vectors and techniques used to exploit Redis.

Step 4: Explore redis-cli

Use the Redis command-line interface to interact with the database.

1. Connect to Redis

   • Use the following command to connect:

     redis-cli -h [TARGET_IP] -p 6379
     

   • Replace [TARGET_IP] with the actual IP of the target.

2. Run Basic Commands

   • Start by running simple commands like:
     • PING to check if the server is responsive.
     • INFO to retrieve server information.

Step 5: Extract the Flag from the Database

Once connected to Redis, your goal is to extract the flag.

1. List Keys in Redis

   • Use the command:

     keys *
     

   • This command will show all keys stored in the Redis database.

2. Retrieve the Flag

   • If you find a key that likely holds the flag, retrieve it using:

     get [KEY_NAME]
     

   • Replace [KEY_NAME] with the actual key you want to check.

Conclusion

In this tutorial, you have learned how to enumerate ports and services, understand Redis, utilize key resources, explore the Redis CLI, and finally extract a flag from the Redis database. These foundational skills are crucial for anyone interested in penetration testing and ethical hacking. As next steps, consider practicing on other machines in HackTheBox to reinforce your skills and explore more advanced topics in cybersecurity.