Official Cybermonday Discussion

From my understanding the attack is blind, so you won’t get output to validate it’s working.

Review all the config files you have gathered for hints on what to target.

I have not defeated this box yet, I got it partly working but couldn’t get RCE. Hopefully these hints help, good luck.

Yeah, I can enter the shop, but right after I refresh it shows Predis\Response\ServerException. Looks like the box is not working properly. Or is this OK?

Sorry, could have been me tampering around. I figured RCE and now have a reverse shell.

Can we agree that nobody will use REPLICAOF? This is hosing the Redis instance such that it’s read-only, and then nobody will be able to get a shell.

I think it’d be easier if the creators just ban REPLICAOF, same as they did with a few other commands.

Yeah, they banned flush. Guess they wanted to allow something for a little feedback.

Shutdown is still there, and it takes a few seconds to restart Redis and start clean.

Or better yet, execute “REPLICAOF NO ONE” every 30 seconds or so, so that people can get the PoC without ruining it for others for too long.

any hints plz

can u help me with cybermonday?

Anyone available to help with user?

Reading the docs, I see the default value is read-only … but it’s the default value … can we modify it? :sunny:

Hope this can help!

I recently got the user flag. I am unable to get root flag. Can someone help me in DMs? :crying_cat_face:
I know how to proceed for root flag, but it isn’t working.
PS: Docker Mounting is not working

■■■■ of a ride man
Finally got the root flag

Thanks @ride200mph


I would love a hint on the user flag if someone would be able to DM me? I have a rev shell and found the hidden route/auth log & apiauth. I can’t seem to get anywhere with this though. Am I on the wrong path? Any hints would be much appreciated.

Still stuck in the container. I think I found everything I need but can’t put my payload right.
Somebody around for a little nudge?

What help do you need?

P.S. Will there be Cybermonday discounts this year?