by {'login'=>'averagesecurityguy', 'email'=>'stephen@averagesecurityguy.info', 'display_name'=>'averagesecurityguy', 'first_name'=>', 'last_name'=>'}
Redis is an in-memory key/value data store used to handle backend data for many web applications. Often, Redis is used to store configuration information, session information, and user profile information. By default the Redis server does not require authentication for client access. This is not a problem if Redis is only listening on localhost but often it is not.
The redis-server package also installs the redis-tools package as a dependency which includes the redis-cli program that we will use extensively in the next steps. If you want a version of Redis that is more recent than the version stored in the Debian repositories, you can build from source as described in the Redis documentation. REDIS cheatsheet v1.0 starting the server cd redis;./redis-server running the client./redis-cli exists key Test if specified key exists. Return: 1 if exists, 0 if not commands generic commands for all types. Check Redis response latency redis-cli –latency -h -p. It is measuring the time for the Redis server to respond to the Redis PING command in milliseconds. “samples”: This is the amount of times the redis-cli recorded issuing the PING command and receiving a response. Edit Cheat Sheet When you encounter a Redis instance and you quickly want to learn about the setup you just need a few simple commands to peak into the setup. Of course it doesn’t hurt to look at the official full command documentation, but below is a listing just for sysadmins.
Finding Redis Servers
By default Redis listens on port 6379, which is not in the Nmap top 1000 port list or the /etc/services list used by Nessus. You will need to scan specifically for this service if you want to find it.
Interacting with Redis
The easiest way to interact with Redis is to use the Redis CLI client, redis-cli. On Kali2 you can install the client by installing the redis-tools package with apt-get. After installing redis-cli you can connect to the Redis server using redis-cli -h <hostname> -p <port>
.
Once connected you can use the following commands to gather data from the server:
info
- Outputs server data including version, number of databases, and the number of keys in each database.select <n>
- Select a database to work with. By default Redis has 16 databases available, 0 - 15. Typically, only 0 is used.keys <pattern>
- Display all keys matching the regex pattern. To see all keys use *.type <key>
- Displays the type of the value stored in the key, string, hash, set.get <key>
- Print the value of the string key.hgetall <key>
- Get all of the field/value pairs stored in the hash key.hget <field> <key>
- Get the value of the specified field in the hash key.
The full list of supported commands can be found here: http://redis.io/commands. This list is all of the commands supported in the latest version of Redis. Some of the commands may not work in older versions.
In addition to redis-cli, you can also access a Redis server using a number of programming languages. A full list of Redis clients by language is available here: http://redis.io/clients.
Simple Python Example
To use the example script below you will need to install the redis-py library using pip install redis
. If Pip is not installed you can install it on Kali using apt-get install python-pip
.
Update
If you come across a Redis server that is password protected, there is an NSE script that can be used to brute force the password. Once you find the password you can connect to the server using redis-cli -h <host> -p <port> -a <password>
.
Update 2015/09/18
Thanks @bonsaiviking for pointing out the redis-info NSE script. So if you are hunting specifically for Redis servers you can use something like this:
nmap -p 6379 --script=redis-info 127.0.0.1 --open
Which should yield results like this:
Redis Cli Cheat Sheet Pdf
You can also scan for Redis servers using Metasploit with the auxiliary/scanner/misc/redis_server.
tags: python - RedisIf key
already exists and is a string, this command appends the value
at the end of the string. If key
does not exist it is created and set as an empty string, so APPEND will be similar to SET in this special case.
Redis Cli Commands
*Return value
Integer reply: the length of the string after the append operation.
*Examples
*Pattern: Time series
The APPEND command can be used to create a very compact representation of a list of fixed-size samples, usually referred as time series. Every time a new sample arrives we can store it using the command
Accessing individual elements in the time series is not hard:
- STRLEN can be used in order to obtain the number of samples.
- GETRANGE allows for random access of elements. If our time series have associated time information we can easily implement a binary search to get range combining GETRANGE with the Lua scripting engine available in Redis 2.6.
- SETRANGE can be used to overwrite an existing time series.
The limitation of this pattern is that we are forced into an append-only mode of operation, there is no way to cut the time series to a given size easily because Redis currently lacks a command able to trim string objects. However the space efficiency of time series stored in this way is remarkable.
Redis Cli Cheat Sheet Download
Hint: it is possible to switch to a different key based on the current Unix time, in this way it is possible to have just a relatively small amount of samples per key, to avoid dealing with very big keys, and to make this pattern more friendly to be distributed across many Redis instances.
Redis Cli Cheat Sheet
An example sampling the temperature of a sensor using fixed-size strings (using a binary format is better in real implementations).