I scan to the target machine with nmap.
I search about redis. What is this? I find benefical information about redis in the hacktricks.
https://book.hacktricks.xyz/network-services-pentesting/6379-pentesting-redis
I try to do like this.
Firstly I create id_rsa and I cpoy the id_rsa.pub to spaced_key.txt. After I do above the instructions I send key to redis database.
So I connect to target machine via ssh.
I execute linpeas.
I find intresting file. It includes a certificate and try to crack password.
I try to connect these credentials but it does not successs.
I change user in the redis.
There is a vulnerability webmin 1.910. Before find credentials I find the exploit but I don’t have any credentials.
