I know, I know this is a very simple box to solve, But after solving Meow, FAWN and Dancing boxes, I found that the Redeemer box is worth writing a writeup.

So Let's Get Started and Spawn the box, You will get the IP Address.

Now first we will do a Nmap scan, and we didn't got any open ports :(

sudo nmap -sV {IP}

So in output, you can see it only scanned 1000 ports, so we have to scan all available (65,535) ports and we can do this by using a flag -p- . With -T5 as it will take a long time to scan all the 65,535 ports, So we have to speed up the things.

sudo nmap -sV -p- {IP} -T5

Yup, Now we got that Redis is running on port 6379 . So I googled it bit and found, To interact with the Redis server we have to use redis-cli, And we can download it by using this command.

sudo apt install redis

I checked --help and found -h (hostname) was the flag we can use to connect to the sever.

redis-cli -h {IP}

Congratulate yourself, If you did this successfully, You are one step forward to become a great hacker (Ethical 😉), Now in the previous machine we have learned that when we don't know anything then type help, So let's type helpcommand, But this didn't helped ☠️.

Time to do some googling, So I learned a few Important commands in redis-cli

• INFO : To print all Redis statistics.
• SELECT : Select a database.
• CONFIG GET databases : Print all databases
• KEYS : To get key in a database.
• GET : Get a value in a key.

So First Command INFO Gave us a version of the Redis that our target machine is using.

So after this, I printed all the databases. Which was not needed, But still I did it out of curiosity.

Now let's select database at index 0 with SELECT 0 command.

Now let's print all the keys with a wild card, KEYS * Command.

Did you see that, There a key named flag 😎, We are very close, Now let's do a final attack with the command GET flag .

Voila, We got our flag.

In future, I am going to write more writeups and content related programming and Cybersecurity. So you know what to do 😉.