Write-up 6 July 2026 #Iot Security #Pwned
HTB Redeemer Walkthrough
Task 1: Which TCP port is open on the machine? Let’s start by running our usual nmap scan:
sudo nmap -sSCV 10.129.136.187 -p- --min-rate=1000 -oA redeemer-nmap
And we get the following results: Answer: 6379
Task 2: Which service is running on the port that is open on the machine? From the above Nmap scan, we can see the service that is running. Answer: Redis
Task 3: What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database Let’s search Redis and see what we find out about it. Answer: In-memory Database
Task 4: Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments. A search of 'Redis command line’ will give you the answer. Answer: redis-cli
Task 5: Which flag is used with the Redis command-line utility to specify the hostname? In our terminal, let’s run “redis-cli -h” to see which flag we should use. Answer: -h
Task 6: Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server? Let’s connect to the Redis server first: ``` redis-cli -h 10.129.136.187
```Now we can type "help," and we can press tab to toggle through the different help options. What we need is: help @server In that, we will see the following: Answer: info
Task 7: What is the version of the Redis server being used on the target machine? If we refer back to the nmap scan in Task 1, we will find our answer. Answer: 5.0.7
Task 8: Which command is used to select the desired database in Redis? If we read through the help pages, we’ll get our answer for this. Answer: select
Task 9: How many keys are present inside the database with index 0? Now that we’ve selected our database, let’s run info again. Right at the bottom, we’ll get our answer. Answer: 4
Task 10: Which command is used to obtain all the keys in a database? To get all the keys in the database, we need to use the keys command. Answer: keys*
Task 11: Submit root flag After running “keys ”, this is what we see: Now we know that the flag is there, and we need to get the contents of the flag. That can be done using the following command: get the flag. Answer: 03e1*****53eb