Posts: 10 Threads: 0 Joined: N/A (July 24, 2022, 03:05 AM)Hacker2222 Wrote: bruh i give 1 hint on this place and suddenly an bunch of user flags get 0wn3d without you knowing how root. the file says it in the name. redis_CONNECTION_dev. if reddis needs auth, then why are u not looking at traffic??? bruh ........ :D :D :D Posts: 27 Threads: 0 Joined: N/A (July 24, 2022, 03:07 AM)blahblah Wrote: (July 24, 2022, 03:05 AM)Hacker2222 Wrote: bruh i give 1 hint on this place and suddenly an bunch of user flags get 0wn3d without you knowing how root. the file says it in the name. redis_CONNECTION_dev. if reddis needs auth, then why are u not looking at traffic???
bruh ........ :D :D :D found the password copied the binary over Posts: 9 Threads: 0 Joined: N/A (July 24, 2022, 03:33 AM)rubymurakami Wrote: (July 24, 2022, 03:07 AM)blahblah Wrote: (July 24, 2022, 03:05 AM)Hacker2222 Wrote: bruh i give 1 hint on this place and suddenly an bunch of user flags get 0wn3d without you knowing how root. the file says it in the name. redis_CONNECTION_dev. if reddis needs auth, then why are u not looking at traffic???
bruh ........ :D :D :D
found the password copied the binary over analyzing it atm, any hints on where to look? Posts: 56 Threads: 0 Joined: N/A (July 24, 2022, 03:05 AM)Hacker2222 Wrote: bruh i give 1 hint on this place and suddenly an bunch of user flags get 0wn3d without you knowing how root. the file says it in the name. redis_CONNECTION_dev. if reddis needs auth, then why are u not looking at traffic??? I have the password, I have not been able to do anything when connecting with redis-cli Posts: 71 Threads: 0 Joined: N/A (July 24, 2022, 03:33 AM)rubymurakami Wrote: (July 24, 2022, 03:07 AM)blahblah Wrote: (July 24, 2022, 03:05 AM)Hacker2222 Wrote: bruh i give 1 hint on this place and suddenly an bunch of user flags get 0wn3d without you knowing how root. the file says it in the name. redis_CONNECTION_dev. if reddis needs auth, then why are u not looking at traffic???
bruh ........ :D :D :D
found the password copied the binary over been hunting in Ghidra, can't spot the dam password, what function is it in? Posts: 27 Threads: 0 Joined: N/A using the hint provided I started to listen on the redis port using nc after running the binary that was copied over the password should be given. Looking at a way to leverage it now. Posts: 9 Threads: 0 Joined: N/A (July 24, 2022, 03:46 AM)rubymurakami Wrote: using the hint provided I started to listen on the redis port using nc after running the binary that was copied over the password should be given. Looking at a way to leverage it now. where r u running the binary? Posts: 27 Threads: 0 Joined: N/A (July 24, 2022, 03:54 AM)vinciwashere Wrote: (July 24, 2022, 03:46 AM)rubymurakami Wrote: using the hint provided I started to listen on the redis port using nc after running the binary that was copied over the password should be given. Looking at a way to leverage it now.
where r u running the binary? locally Posts: 9 Threads: 0 Joined: N/A (July 24, 2022, 03:59 AM)rubymurakami Wrote: (July 24, 2022, 03:54 AM)vinciwashere Wrote: (July 24, 2022, 03:46 AM)rubymurakami Wrote: using the hint provided I started to listen on the redis port using nc after running the binary that was copied over the password should be given. Looking at a way to leverage it now.
where r u running the binary?
locally gotcha and listening on host machine or? Posts: 27 Threads: 0 Joined: N/A (July 24, 2022, 03:59 AM)vinciwashere Wrote: (July 24, 2022, 03:59 AM)rubymurakami Wrote: (July 24, 2022, 03:54 AM)vinciwashere Wrote: (July 24, 2022, 03:46 AM)rubymurakami Wrote: using the hint provided I started to listen on the redis port using nc after running the binary that was copied over the password should be given. Looking at a way to leverage it now.
where r u running the binary?
locally
gotcha and listening on host machine or? yes on the port that redis runs |
