Write-up 6 July 2026 #Iot Security #Pwned

HTB Redeemer Walkthrough

Task 1: Which TCP port is open on the machine? Let’s start by running our usual nmap scan:

sudo nmap -sSCV 10.129.136.187 -p- --min-rate=1000 -oA redeemer-nmap

And we get the following results: Answer: 6379

Task 2: Which service is running on the port that is open on the machine? From the above Nmap scan, we can see the service that is running. Answer: Redis

Task 3: What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database Let’s search Redis and see what we find out about it. Answer: In-memory Database

Task 4: Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments. A search of 'Redis command line’ will give you the answer. Answer: redis-cli

Task 5: Which flag is used with the Redis command-line utility to specify the hostname? In our terminal, let’s run “redis-cli -h” to see which flag we should use. Answer: -h

Task 6: Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server? Let’s connect to the Redis server first: ``` redis-cli -h 10.129.136.187

```Now we can type "help," and we can press tab to toggle through the different help options. What we need is: help @server In that, we will see the following: Answer: info

Task 7: What is the version of the Redis server being used on the target machine? If we refer back to the nmap scan in Task 1, we will find our answer. Answer: 5.0.7

Task 8: Which command is used to select the desired database in Redis? If we read through the help pages, we’ll get our answer for this. Answer: select

Task 9: How many keys are present inside the database with index 0? Now that we’ve selected our database, let’s run info again. Right at the bottom, we’ll get our answer. Answer: 4

Task 10: Which command is used to obtain all the keys in a database? To get all the keys in the database, we need to use the keys command. Answer: keys*

Task 11: Submit root flag After running “keys ”, this is what we see: Now we know that the flag is there, and we need to get the contents of the flag. That can be done using the following command: get the flag. Answer: 03e1*****53eb