How I found a credential-rich Redis dump

Hello, Everyone

So, I was testing a program, and during my recon I came across tons of subdomains; unfortunately they were wildcards.

Anyway, one subdomain caught my eye, “redacted-redacted.redacted.com”. It was a static page just for downloading their mobile apps. As it was a beta version, I thought why not do some directory searching, so I ran dirsearch with its default wordlist:

python3 dirsearch.py -e <extensions list> -u http://redacted-redacted.redacted.com

and a file named dump.rdb caught my attention; it was 3 MB in size.

Now a question arises: what is dump.rdb?

For those who don’t know:

An rdb file is a binary representation of the in-memory store. This binary file is sufficient to completely restore Redis’ state. The rdb file format is optimized for fast reads and writes. Where possible, LZF compression is used to reduce the file size.

So, as we can see, it uses LZF compression, which makes it hard to read as-is, so I installed a couple of things:

  1. rdbtools
  2. python-lzf

sudo pip install rdbtools python-lzf

Once they are installed, we run a command to make the dump readable: to read it, we convert it to JSON.

rdb --command json dump.rdb -f output.json

or you can redirect the output directly into a .txt file:

sudo rdb --command json dump.rdb > out.txt

This saves all the JSON output into the .txt file.

(Redirecting straight to a file also makes the result somewhat easier to read than the output rdbtools prints by default.)

Now you can open it in your favourite editor, use this service, or whatever suits you:

http://jsonviewer.stack.hu
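If you want to see what the format described above actually looks like on the wire, here is an added example (not the post’s code and not rdbtools): a minimal reader for RDB that walks the header, the AUX fields and plain string keys, inflating LZF-compressed strings itself, and refuses anything else rather than silently skipping it. The dump bytes it parses are constructed inline for the example; the key names and values are invented, not from the real file.

```python
def lzf_decompress(data: bytes) -> bytes:
    """Inflate one LZF block (the scheme RDB uses for compressed strings)."""
    out, i = bytearray(), 0
    while i < len(data):
        ctrl = data[i]; i += 1
        if ctrl < 32:                       # literal run of ctrl+1 bytes
            out += data[i:i + ctrl + 1]; i += ctrl + 1; continue
        length = ctrl >> 5                  # back-reference: 3-bit length, 13-bit offset
        if length == 7: length += data[i]; i += 1       # long match: extra length byte
        start = len(out) - (((ctrl & 0x1F) << 8) | data[i]) - 1; i += 1
        for _ in range(length + 2): out.append(out[start]); start += 1   # copy may overlap
    return bytes(out)

def read_length(buf: bytes, pos: int):
    """RDB length encoding -> (value, new_pos, special); special = int/LZF string."""
    b = buf[pos]
    if b >> 6 == 0: return b & 0x3F, pos + 1, False
    if b >> 6 == 1: return ((b & 0x3F) << 8) | buf[pos + 1], pos + 2, False
    if b >> 6 == 2: n = 4 << (b & 1); return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n, False
    return b & 0x3F, pos + 1, True

def read_string(buf: bytes, pos: int):
    n, pos, special = read_length(buf, pos)
    if not special: return buf[pos:pos + n], pos + n
    if n < 3:                               # INT8/INT16/INT32, little-endian signed
        return str(int.from_bytes(buf[pos:pos + (1 << n)], "little", signed=True)).encode(), pos + (1 << n)
    clen, pos, _ = read_length(buf, pos); _, pos, _ = read_length(buf, pos)   # n == 3: LZF
    return lzf_decompress(buf[pos:pos + clen]), pos + clen

def parse_rdb(buf: bytes) -> dict:
    """Added example, not the post's code: reads header, AUX fields and string keys."""
    if buf[:5] != b"REDIS": raise ValueError("not an RDB file")
    out, pos = {"version": int(buf[5:9]), "aux": {}, "keys": {}}, 9
    while pos < len(buf):
        op = buf[pos]; pos += 1
        if op == 0xFF: break                                    # EOF; 8-byte checksum follows
        if op == 0xFE: _, pos, _ = read_length(buf, pos)        # SELECTDB
        elif op == 0xFB: pos = read_length(buf, read_length(buf, pos)[1])[1]   # RESIZEDB
        elif op in (0xFC, 0xFD): pos += 8 if op == 0xFC else 4 # expiry in ms / s
        elif op in (0xFA, 0x00):                                # AUX field / plain string key
            k, pos = read_string(buf, pos); v, pos = read_string(buf, pos)
            out["aux" if op == 0xFA else "keys"][k.decode()] = v.decode(errors="replace")
        else: raise ValueError(f"value type {op:#x} not handled by this reader")
    return out

# Constructed sample, not a real dump: v9 header, AUX redis-ver, db 0 with a plain,
# an INT16-encoded and an LZF-compressed string value, then EOF and an empty checksum.
SAMPLE = (b"REDIS0009\xfa\x09redis-ver\x055.0.7\xfe\x00\xfb\x03\x00"
          b"\x00\x09smtp:user\x07mailbot\x00\x09smtp:port\xc1\x4b\x02"
          b"\x00\x0dsmtp:password\xc3\x09\x13\x04pass-\xe0\x05\x04"
          b"\xff" + b"\x00" * 8)
```

Running parse_rdb(SAMPLE) returns the three keys in clear text, which is exactly why a dump.rdb sitting in a web root is a credential leak and not just a cache file.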

When I opened it, I found SMTP login creds, usernames, passwords, addresses, etc.

Unfortunately I cannot tell you the company name or any other details; this writeup just gives an idea of what to do if you find anything like this.

So I reported it to the company and they replied:

“It is 3 years old, but thank you for letting us know, bla bla bla…”

Unfortunately, no bounty yet.

“But it’s always great to learn something and gain experience from it.”

My DM is open for any questions.

Thank you for reading.