Hey man sorry to bother you I'm currently working on the POSTMAN box. I'm pretty sure I somehow need to exploit the redis port. I have access to the redis-cli interface since I installed the redis-tools/server. I use "config get dir" and "dir" and "/var/lib/redis"
I've been reading the redis-cli documentation but I can't wrap my mind around how to list the "username" or "change directory"
I'm suppose to use a python exploit? because I tried using:
so far no luck
bro, can you help me with Network machine ? Im on the apache shell now, found the user.txt file but it has an permission, can you help me with this ?
Looks at the file keenly and see how you can inject a payload under specified directory from the script.
Dont over think simple bypass to execute multiple command in a shell comes in hand here.