Redis NoSQL Database Exploit Using SSH | CTF Walkthrough

In this video walk-through, we covered the enumeration of Redis NoSQL database server and exploitation using SSH. Postman is an easy difficulty Linux machine, which features a Redis server running without authentication. This service can be leveraged to write an SSH public key to the user's folder. An encrypted SSH private key is found, which can be cracked to gain user access. The user is found to have a login for an older version of Webmin. This is exploited through command injection to gain root privileges. ************* Receive Cyber Security Field Notes and Special Training Videos https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join ******* Writeup https://motasem-notes.net/redis-nosql-database-exploit-using-ssh-hackthebox-postman/ HackTheBox Postman https://www.hackthebox.com/machines/postman ********* Instagram https://www.instagram.com/dev.stuxnet/ Twitter https://twitter.com/ManMotasem Facebook https://www.facebook.com/motasemhamdantty/ LinkedIn [1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/ [2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/ Website https://www.motasem-notes.net Patreon https://www.patreon.com/motasemhamdan?fan_landing=true Backup channel https://www.youtube.com/channel/UCF2AfcPUjr7r8cYuMvyRTTQ My Movie channel: https://www.youtube.com/channel/UCilElKPoXEaAfMf0bgH2pzA ******