Find open Redis instances

There are a lot of open Redis instances exposed on the internet! Redis is an open-source and fast in-memory data store used as a database, cache and message broker. Characterized by its speed of access to information, Redis stores data in RAM and offers versatile data structures, including strings, lists and sets, making it ideal for applications that require high performance. It supports atomic operations and offers disk persistence capabilities. Due to its versatility and scalability, Redis is widely used for improving the performance of web applications, managing user sessions, and other temporary data storage operations.

Searching for Redis instances

Shodan reports thousands of results, but as we can see they are authenticated. By default, Redis does not set a password, leaving inexperienced system administrators with a vulnerable configuration that allows us to access their Redis instance. Those open instances have a specific response banner, directly giving server info and any databases present together with their number of keys: db(n):keys=(n). Knowing that, we can formulate our Shodan query: product:redis "db0"
[*] shodan_results.png
There are a lot of compromised and end-of-life products. Obviously these are the results including "db0"; to filter for non-compromised results you can increase the DB index, like "db1", "db2", etc. You can also use FOFA: protocol="redis" && banner="db0" (same thing for "db0", "db1", "db2", ...).

Connecting to the Redis server

You can see the steps to install Redis for various platforms here. After that, let's connect to the server with the command: redis-cli -h [IP address]; remember that the default port is 6379! With the command info we can see information about the server and the instance.
[*] redis_info.png
Once we have read the available databases, we just select one with select [n]. To list all keys: keys *; to view a string key: get [name]. A complete list of Redis commands can be found here.
[*] redis_commands.png
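As an added example (not part of the original post), here is a small Python audit helper for checking your own Redis hosts: it decodes the raw reply to the INFO command described above and reports whether the instance demanded authentication or, if not, which databases and key counts it exposes in the db(n):keys=(n) banner that the Shodan query relies on. The replies below are constructed samples, not captured from any real host.

```python
import re

# Constructed sample replies (not captured from any real host).
# A password-protected instance answers INFO with a RESP error line:
SAMPLE_NOAUTH = b"-NOAUTH Authentication required.\r\n"
# An open instance answers with a RESP bulk string holding the INFO text; its
# Keyspace section carries the "db0:keys=..." lines the Shodan query matches:
SAMPLE_INFO_BODY = (
    b"# Server\r\nredis_version:7.0.11\r\nredis_mode:standalone\r\n\r\n"
    b"# Keyspace\r\ndb0:keys=42,expires=3,avg_ttl=1200\r\n"
    b"db2:keys=7,expires=0,avg_ttl=0\r\n"
)
SAMPLE_OPEN = b"$%d\r\n%s\r\n" % (len(SAMPLE_INFO_BODY), SAMPLE_INFO_BODY)

KEYSPACE_RE = re.compile(r"^db(\d+):keys=(\d+)", re.M)

def parse_resp_reply(raw):
    """Decode the two RESP reply types INFO yields: an error ('-...') or a bulk string ('$<len>')."""
    if raw.startswith(b"-"):
        return "error", raw[1:].split(b"\r\n", 1)[0].decode()
    if raw.startswith(b"$"):
        header, rest = raw[1:].split(b"\r\n", 1)
        length = int(header)
        return "bulk", None if length < 0 else rest[:length].decode()
    raise ValueError("unexpected RESP reply type: %r" % raw[:1])

def parse_info(text):
    """Turn the 'key:value' lines of an INFO reply into a dict, skipping '# Section' headers."""
    fields = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            fields[key] = value
    return fields

def audit_info_reply(raw):
    """Classify one raw INFO reply: does the instance require auth, and if not, what does it expose?"""
    kind, payload = parse_resp_reply(raw)
    if kind == "error":
        return {"auth_required": payload.startswith("NOAUTH"), "error": payload, "keyspace": {}}
    text = payload or ""
    return {
        "auth_required": False,
        "redis_version": parse_info(text).get("redis_version"),
        # db index -> key count, i.e. the db(n):keys=(n) banner the post describes
        "keyspace": {int(db): int(n) for db, n in KEYSPACE_RE.findall(text)},
    }
```

A host whose reply comes back with auth_required False and a non-empty keyspace is exactly what the "db0" search above surfaces, so that is the condition to alert on for servers you are responsible for.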