Authentication

By default Redis can be accessed without any credentials. However, it can be configured to require either a password only, or a username + password. A password can be set persistently in the redis.conf file with the parameter requirepass, or temporarily (until the service restarts) by connecting to the instance and running: config set requirepass p@ss$12E45. Also, a username can be configured in the parameter masteruser inside the redis.conf file.

If only a password is configured, the username in use is "default". Also note that there is no way to tell from the outside whether Redis was configured with a password only or with username + password.

In cases like this you will need valid credentials to interact with Redis, so you could try to brute-force them:

msf> use auxiliary/scanner/redis/redis_login
nmap --script redis-brute -p 6379 <IP>
hydra -P /path/pass.txt <IP> redis

Once you have valid credentials, authenticate the session right after establishing the connection with the command:

AUTH <username> <password>

A successful AUTH is answered with: +OK.
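The AUTH exchange above, as an added example that is not part of the original page: a small RESP encoder plus a reply classifier, useful for auditing whether one of your own Redis instances is exposed without a password, requires one, or rejects the configured credentials. The reply strings matched (+OK, -NOAUTH, -WRONGPASS, -ERR invalid password, -ERR Client sent AUTH ...) are the ones Redis itself returns; the host, port and credentials are assumed values.

```python
import socket
from typing import Optional

def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array, exactly as redis-cli sends it on the wire."""
    out = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        data = arg.encode()
        out.append(f"${len(data)}\r\n".encode() + data + b"\r\n")
    return b"".join(out)

def auth_command(password: str, username: Optional[str] = None) -> bytes:
    """AUTH <password> for requirepass-only setups (implicit user 'default'),
    or AUTH <username> <password> for ACL users (Redis 6+)."""
    if username is None:
        return encode_command("AUTH", password)
    return encode_command("AUTH", username, password)

def classify_reply(reply: bytes) -> str:
    """Map the first RESP line of a reply to an authentication outcome."""
    line = reply.split(b"\r\n", 1)[0]
    if line == b"+OK":
        return "authenticated"           # credentials accepted
    if line.startswith(b"-NOAUTH"):
        return "auth-required"           # command sent before a valid AUTH
    if line.startswith(b"-WRONGPASS") or line.startswith(b"-ERR invalid password"):
        return "rejected"                # Redis 6+ / pre-6 wording of a bad credential
    if line.startswith(b"-ERR") and b"no password" in line or b"without any password" in line:
        return "no-auth-configured"      # AUTH sent to an instance with no requirepass
    return "unknown:" + line.decode(errors="replace")

def check_auth(host: str, port: int = 6379, password: Optional[str] = None,
               username: Optional[str] = None, timeout: float = 3.0) -> str:
    """Connect to a Redis instance and report its authentication state.
    With no credentials, an unauthenticated PING that returns +PONG means the
    instance is open; with credentials, the AUTH reply is classified."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if password is None:
            sock.sendall(encode_command("PING"))
        else:
            sock.sendall(auth_command(password, username))
        reply = sock.recv(1024)
    if password is None and reply.startswith(b"+PONG"):
        return "no-auth-configured"
    return classify_reply(reply)

if __name__ == "__main__":
    # Assumed host/credentials; replace with an instance you administer.
    print(check_auth("127.0.0.1", 6379, password="p@ss$12E45"))
```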
