![migrate netcat reverse shell to msfconsole](https://i.stack.imgur.com/PFHqN.png)
As per usual we start with an Nmap scan of the target. Get in the habit of scanning all TCP ports, as with Red if you only scan the top 1000 ports you will miss port 6379. SSH on 22, a web server on 80, and an uncommon port of 6379 which is hosting Redis 4.0.8.

I’ll use Gobuster to find any hidden directories that might be lurking behind port 80.

```
gobuster dir --wordlist /usr/share/wordlists/dirb/big.txt --url 172.31.1.9
```

Didn’t find very much using Gobuster. Only a couple of directories and nothing that looks particularly interesting.

When I encounter a webserver or an HTTP port I always scan it with Nikto. Here again we confirm the hidden directories we found with Gobuster. However we don’t find anything else useful.

I’ve mentioned this before but SSH on port 22 in terms of penetration testing is rarely the initial entry point for a box. There are exploits for SSH, but in my experience SSH is used primarily in the post-exploitation phase either for privilege escalation or establishing a better shell once you’ve obtained credentials.

That leaves us with port 6379 and the service Redis. I wasn’t familiar with Redis prior to this box, so I did a Google search and found Redis stands for Remote Dictionary Server. It’s used as a database for a webserver and message broker among other things. So it works along with the webserver on port 80. If you’d like further information on Redis and how to exploit it there’s a great presentation available from ZeroNights.

A quick and dirty Searchsploit reveals we have a couple of options for exploits including one Metasploit module.

![migrate netcat reverse shell to msfconsole](https://0x00sec.s3.amazonaws.com/optimized/2X/0/066ee6d52a1f8fe57f771626018f81bb320fecc5_2_690x381.png)

Since we found a Metasploit module for Redis, let’s see if we can get a shell using this exploit.

```
use exploit/linux/redis/redis_unauth_exec
```

We’ll use the 4th exploit since we don’t have credentials yet and it’s an unauthenticated exploit.

Configure the following parameters and run the exploit.

I think it took me two tries and the first time I didn’t have a parameter set correctly. On the second attempt I did establish a meterpreter session.

![migrate netcat reverse shell to msfconsole](https://irichmore.files.wordpress.com/2015/06/msf3.jpg)

To begin let’s connect to the Redis port 6379 using Netcat. You’ll want to add the -v flag for verbose. Since we can run the info command and return results that means we have unauthenticated access to Redis. Now we need to get a working exploit that will allow us remote code execution.

Let’s do a Google search for “redis rce” and see what’s available. The second search result is exactly what I wanted. Run the rce.py script and see what parameters are required. We need the basics of course: RHOST, RPORT, LHOST, LPORT.