Exploiting Redis 4.0.9 for RCE & Webmin 1.910 for PrivEsc
It’s an easy-rate box. We will exploit the Redis service to obtain the first interactive shell. Then, we will go up to the next user by reviewing further. We will use the documented CVE 2019–12840 vulnerability on the root shell to exploit the Webmin server.