Redis Misconfiguration Exploitation
Identified and exploited an exposed Redis server caused by insecure configuration. This project demonstrates network enumeration, service identification, interacting with Redis using the command line, and extracting data from an unsecured database in a safe lab environment.
Disclaimer
This proof-of-concept was developed and tested exclusively in an isolated environment for educational and defensive cybersecurity purposes.
Overview
This project demonstrates how to identify an exposed Redis server, connect to it with the Redis command-line client, and read the data it holds. The goal was to practise network enumeration, service identification, and basic database exploration against an insecure default configuration within a controlled environment.
Skills Demonstrated
- Network enumeration
- Nmap scanning
- Redis enumeration
- Redis CLI usage
- Service identification
- Linux command line
- Database exploration
- Penetration testing methodology
- Vulnerability assessment
- Security misconfiguration analysis
Tools Used
- Kali Linux
- Nmap
- Redis CLI
- Redis
Process
Network Enumeration
The first step was identifying any exposed services running on the target machine. Using Nmap, I performed a service and version scan to discover open ports and determine which services were available. The scan revealed an exposed Redis service running on its default port.
sudo nmap -sVC -p 1-10000 -O -Pn (ip_address)
Understanding Redis
Before interacting with the service, I researched how Redis works and learned that it stores information as key-value pairs entirely in memory. Understanding the database structure made it much easier to navigate once connected.
Connecting to the Server
Since the Redis instance had no authentication configured, I was able to connect directly using the Redis command-line client. This demonstrated how dangerous default configurations can be when services are exposed to a network.
redis-cli -h (ip_address)
Enumerating the Database
After connecting, I used Redis commands such as INFO to gather information about the server before listing every available key stored inside the database. This allowed me to understand what data was available without modifying any information.
KEYS *
Reading Stored Data
Finally, I queried individual keys to retrieve their stored values. This demonstrated how an attacker could access sensitive information if a Redis server is left publicly accessible without proper authentication or network restrictions.
What I Learned
This project improved my understanding of service enumeration and reinforced that security vulnerabilities are not always caused by software flaws; many are the result of insecure configurations. I became more comfortable using Nmap to identify exposed services, interacting with Redis through the command line, and understanding how attackers can enumerate databases when authentication has not been configured correctly.