Memcached

Default Port: 11211

Memcached is a high-performance distributed memory caching system and database. It is commonly used to improve the speed of dynamic websites. Memcached reduces the database load and improves response times of web applications by caching frequently accessed data in memory.

Memcached consists of two components: a Memcached server and one or more Memcached clients. The Memcached server stores and serves data to clients.

Connect

Connect Using Telnet

telnet <target-ip> 11211

Recon

Identifying a Memcached Server

You can identify Memcached servers by establishing a telnet connection:

telnet <target-ip> 11211

Enumeration

Dumping All Cached Items

To list all cached items, you can use telnet:

stats cachedump 1 0

Attack Vectors

Unauthorized Access

By default, Memcached allows unauthorized access, meaning no credentials are required to access it. However, this exposes Memcached servers to potential attacks.

Denial of Service (DoS)

Memcached has several DoS attack vectors that can be exploited by attackers to disable the target server.

Post-Exploitation

Flush All Cached Items

To flush all cached items, you can use the following command:

echo "flush_all" | nc <target-ip> 11211

Dumping Cached Items

To retrieve cached items, you can use the following command:

echo "stats items" | nc <target-ip> 11211

Statistics

To get Memcached statistics, you can use the following command:

echo "stats" | nc <target-ip> 11211

Memcached

Connect​

Connect Using Telnet​

Recon​

Identifying a Memcached Server​

Enumeration​

Dumping All Cached Items​

Attack Vectors​

Unauthorized Access​

Denial of Service (DoS)​

Post-Exploitation​

Flush All Cached Items​

Dumping Cached Items​

Statistics​