April 20, 2025

Wombo Proving Grounds Write-Up

Proving Grounds Wombo machine walkthrough

SUMMARY

This write-up covers the Wombo machine from OffSec’s Proving Grounds, a straightforward Linux machine where an exposed Redis instance led directly to root.

Ports 80 and 8080 hosted HTTP services with nothing exploitable. Port 6379 ran Redis 5.0.9 with no authentication. This version is vulnerable to a master-slave replication attack: by setting up a rogue Redis server on the attacker machine and forcing the target to replicate from it, a malicious shared library module is transferred and loaded. Once loaded, the module enables arbitrary system command execution. A reverse shell command was issued and received as root, with no privilege escalation step required.
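
A defender-side check for the settings this chain relied on, added here as an example and not part of the original write-up: it audits a redis.conf for missing authentication, network exposure, and replication/module commands left under their default names. The function name `audit_redis_conf`, the sample configs and the choice of which commands to disable are assumptions of this example; `requirepass`, `bind`, `protected-mode` and `rename-command` are standard redis.conf directives.

```python
import shlex

# Commands the replication-and-module chain depends on (policy assumed by this example).
RISKY_COMMANDS = {"SLAVEOF", "REPLICAOF", "MODULE", "CONFIG"}

# Constructed sample configurations, not taken from the target machine.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = '''bind 127.0.0.1
protected-mode yes
requirepass "constructed-placeholder-secret"
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
rename-command CONFIG ""
'''

def audit_redis_conf(text):
    """Return a list of findings for a redis.conf passed in as a string."""
    directives, renamed = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as ""
        key, args = parts[0].lower(), parts[1:]
        if key == "rename-command" and len(args) == 2:
            renamed.add(args[0].upper())  # renamed or disabled (new name "")
        else:
            directives[key] = args

    findings = []
    if not any(directives.get("requirepass", [])):
        findings.append("requirepass not set: any client can issue commands")
    binds = directives.get("bind", [])
    protected = directives.get("protected-mode", ["yes"])[0].lower() != "no"
    if any(addr in ("0.0.0.0", "::") for addr in binds):
        findings.append("bind: wildcard address listens on every interface")
    elif not binds and not protected:
        findings.append("no bind and protected-mode off: reachable on every interface")
    for cmd in sorted(RISKY_COMMANDS - renamed):
        findings.append(f"{cmd} is callable under its default name")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf))
```

Disabling `CONFIG` also blocks runtime reconfiguration by administrators and some management tools, so rename it to a private name instead of `""` where that access is needed.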


PATH TO FOLLOW

  1. Reconnaissance & Unauthenticated Redis 5.0.9 Discovery
  2. Rogue Redis Master-Slave Setup
  3. Malicious Module Transfer & Load via Replication
  4. System Command Execution → Shell as Root

Due to OffSec’s policy on content sharing, these write-ups will provide hints only rather than full solutions. I know, boring stuff.