Redis¶
Information
Category: Database
Tags: 'database' 'cache' 'nosql' 'redis' 'memory'
Criticality: 🔴 High
Description¶
Redis is an open-source, in-memory data structure store used as a database, cache, and message broker. It supports various data structures such as strings, hashes, lists, sets, and sorted sets. Redis is widely used for performance-critical applications but is often misconfigured, making it a common target during pentests.
How it works¶
- In-memory storage: Data is primarily stored in RAM, enabling extremely fast read/write operations.
- Client-server model: Clients communicate with the Redis server over TCP (default port 6379).
- Persistence (optional): Data can be saved to disk using RDB snapshots or AOF logs.
- Authentication (optional): Redis can be configured with a password, but authentication is disabled by default in many setups.
Configuration Files¶
Log Files¶
# Debian/Ubuntu
/var/log/redis/redis-server.log
# RedHat/CentOS
/var/log/redis/redis.log
/var/log/messages
# Windows
C:\Program Files\Redis\log\redis.log
# macOS (Homebrew)
/usr/local/var/log/redis.log
/opt/homebrew/var/log/redis.log
Credentials¶
Authentication
- Redis does not enforce authentication by default.
- Password authentication is configured using the
requirepassdirective inredis.conf. - ACL-based authentication is available in Redis 6.0+ via the
users.aclfile.
Pentest Tips¶
Reconnaissance
- Scan port 6379 (default Redis port).
- Identify Redis version via banner grabbing.
Misconfiguration Checks
- Check for unauthenticated access.
- Verify if
protected-modeis disabled. - Check bind address (
bind 0.0.0.0) allowing external access.
Exploitation
- Write arbitrary files if Redis runs as root and filesystem permissions allow.
- Abuse
CONFIG SET diranddbfilenameto write SSH keys or cron jobs. - Dump in-memory sensitive data (sessions, tokens, credentials).
Post-Exploitation
- Extract application secrets stored in Redis.
- Use Redis as a pivot point for lateral movement.
- Persist access via modified configuration or scheduled tasks.
Useful Commands¶
# Check if Redis is reachable
redis-cli -h [target_IP] -p 6379 ping
# Connect to Redis without authentication
redis-cli -h [target_IP] -p 6379
# Authenticate (if password is set)
AUTH <password>
# Get Redis server info
INFO
# List all keys (can be dangerous on production)
KEYS *
# Dump configuration
CONFIG GET *
Known Vulnerabilities¶
CVE-2022-0543 - Remote Code Execution (Lua Sandbox Escape)
Affects Debian-based Redis packages due to a misconfigured Lua sandbox, allowing arbitrary code execution.
Metadata¶
- Template version: 1.0
- Last updated: December 2025
- Contributor: Laurince AGANI / EpiHack Benin
- Sources verified: Yes