From 6d48f9d1aff7aab4cbdfe916ca6fb97284416e63 Mon Sep 17 00:00:00 2001
From: Sohail Saha <captainwoof.official@gmail.com>
Date: Wed, 1 Jan 2025 12:24:07 -0500
Subject: [PATCH] Update 6379-pentesting-redis.md

Mentioned how to bruteforce user SSH directories on Redis servers
---
 network-services-pentesting/6379-pentesting-redis.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/network-services-pentesting/6379-pentesting-redis.md b/network-services-pentesting/6379-pentesting-redis.md
index 2ed024247..a526a6bc1 100644
--- a/network-services-pentesting/6379-pentesting-redis.md
+++ b/network-services-pentesting/6379-pentesting-redis.md
@@ -252,6 +252,8 @@ Please be aware **`config get dir`** result can be changed after other manually
 
 **This technique is automated here:** [https://github.com/Avinash-acid/Redis-Server-Exploit](https://github.com/Avinash-acid/Redis-Server-Exploit)
 
+Additionally, system users can also be discovered by checking with `config set dir /home/USER`, and upon confirmation, a new `authorized_keys` can be written to `/home/USER/.ssh/authorized_keys`. Use [redis-rce-ssh](https://github.com/captain-woof/redis-rce-ssh) to bruteforce this with a usernames wordlist and overwrite `authorized_keys`.
+
 ### Crontab
 
 ```