hacktricks/network-services-pentesting/11211-memcache/memcache-commands.md

168 lines
13 KiB
Markdown
Raw Normal View History

2024-12-12 10:39:29 +00:00
# Memcache Commands
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>
{% embed url="https://websec.nl/" %}
## Commands Cheat-Sheet
**From** [**https://lzone.de/cheat-sheet/memcached**](https://lzone.de/cheat-sheet/memcached)
The supported commands (the official ones and some unofficial) are documented in the [doc/protocol.txt](https://github.com/memcached/memcached/blob/master/doc/protocol.txt) document.
Sadly the syntax description isnt really clear and a simple help command listing the existing commands would be much better. Here is an overview of the commands you can find in the [source](https://github.com/memcached/memcached) (as of 19.08.2016):
| Command | Description | Example |
| --------------------- | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| get | Reads a value | `get mykey` |
| set | Set a key unconditionally | <p><code>set mykey &#x3C;flags> &#x3C;ttl> &#x3C;size></code><br><br>&#x3C;p>Ensure to use \r\n als line breaks when using Unix CLI tools. For example&#x3C;/p> <code>printf "set mykey 0 60 4\r\ndata\r\n" | nc localhost 11211</code></p> |
| add | Add a new key | `add newkey 0 60 5` |
| replace | Overwrite existing key | `replace key 0 60 5` |
| append | Append data to existing key | `append key 0 60 15` |
| prepend | Prepend data to existing key | `prepend key 0 60 15` |
| incr | Increments numerical key value by given number | `incr mykey 2` |
| decr | Decrements numerical key value by given number | `decr mykey 5` |
| delete | Deletes an existing key | `delete mykey` |
| flush\_all | Invalidate all items immediately | `flush_all` |
| flush\_all | Invalidate all items in n seconds | `flush_all 900` |
| stats | Prints general statistics | `stats` |
| | Prints memory statistics | `stats slabs` |
| | Print higher level allocation statistics | `stats malloc` |
| | Print info on items | `stats items` |
| | | `stats detail` |
| | | `stats sizes` |
| | Resets statistics counters | `stats reset` |
| lru\_crawler metadump | Dump (most of) the metadata for (all of) the items in the cache | `lru_crawler metadump all` |
| version | Prints server version. | `version` |
| verbosity | Increases log level | `verbosity` |
| quit | Terminate session | `quit` |
#### Traffic Statistics <a href="#traffic-statistics" id="traffic-statistics"></a>
You can query the current traffic statistics using the command
```
stats
```
You will get a listing which serves the number of connections, bytes in/out and much more.
Example Output:
```
STAT pid 14868
STAT uptime 175931
STAT time 1220540125
STAT version 1.2.2
STAT pointer_size 32
STAT rusage_user 620.299700
STAT rusage_system 1545.703017
STAT curr_items 228
STAT total_items 779
STAT bytes 15525
STAT curr_connections 92
STAT total_connections 1740
STAT connection_structures 165
STAT cmd_get 7411
STAT cmd_set 28445156
STAT get_hits 5183
STAT get_misses 2228
STAT evictions 0
STAT bytes_read 2112768087
STAT bytes_written 1000038245
STAT limit_maxbytes 52428800
STAT threads 1
END
```
#### Memory Statistics <a href="#memory-statistics" id="memory-statistics"></a>
You can query the current memory statistics using
```
stats slabs
```
Example Output:
```
STAT 1:chunk_size 80
STAT 1:chunks_per_page 13107
STAT 1:total_pages 1
STAT 1:total_chunks 13107
STAT 1:used_chunks 13106
STAT 1:free_chunks 1
STAT 1:free_chunks_end 12886
STAT 2:chunk_size 100
STAT 2:chunks_per_page 10485
STAT 2:total_pages 1
STAT 2:total_chunks 10485
STAT 2:used_chunks 10484
STAT 2:free_chunks 1
STAT 2:free_chunks_end 10477
[...]
STAT active_slabs 3
STAT total_malloced 3145436
END
```
If you are unsure if you have enough memory for your memcached instance always look out for the “evictions” counters given by the “stats” command. If you have enough memory for the instance the “evictions” counter should be 0 or at least not increasing.
#### Which Keys Are Used? <a href="#which-keys-are-used" id="which-keys-are-used"></a>
There is no builtin function to directly determine the current set of keys. However you can use the
```
stats items
```
command to determine how many keys do exist.
```
stats items
STAT items:1:number 220
STAT items:1:age 83095
STAT items:2:number 7
STAT items:2:age 1405
[...]
END
```
This at least helps to see if any keys are used. To dump the key names from a PHP script that already does the memcache access you can use the PHP code from [100days.de](http://100days.de/serendipity/archives/55-Dumping-MemcacheD-Content-Keys-with-PHP.html).
<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>
{% embed url="https://websec.nl/" %}
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}