13 KiB
Memcache Commands
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Commands Cheat-Sheet
From https://lzone.de/cheat-sheet/memcached
The supported commands (the official ones and some unofficial) are documented in the doc/protocol.txt document.
Sadly the syntax description isn’t really clear and a simple help command listing the existing commands would be much better. Here is an overview of the commands you can find in the source (as of 19.08.2016):
Command | Description | Example |
---|---|---|
get | Reads a value | get mykey |
set | Set a key unconditionally |
|
add | Add a new key | add newkey 0 60 5 |
replace | Overwrite existing key | replace key 0 60 5 |
append | Append data to existing key | append key 0 60 15 |
prepend | Prepend data to existing key | prepend key 0 60 15 |
incr | Increments numerical key value by given number | incr mykey 2 |
decr | Decrements numerical key value by given number | decr mykey 5 |
delete | Deletes an existing key | delete mykey |
flush_all | Invalidate all items immediately | flush_all |
flush_all | Invalidate all items in n seconds | flush_all 900 |
stats | Prints general statistics | stats |
Prints memory statistics | stats slabs |
|
Print higher level allocation statistics | stats malloc |
|
Print info on items | stats items |
|
stats detail |
||
stats sizes |
||
Resets statistics counters | stats reset |
|
lru_crawler metadump | Dump (most of) the metadata for (all of) the items in the cache | lru_crawler metadump all |
version | Prints server version. | version |
verbosity | Increases log level | verbosity |
quit | Terminate session | quit |
Traffic Statistics
You can query the current traffic statistics using the command
stats
You will get a listing which serves the number of connections, bytes in/out and much more.
Example Output:
STAT pid 14868
STAT uptime 175931
STAT time 1220540125
STAT version 1.2.2
STAT pointer_size 32
STAT rusage_user 620.299700
STAT rusage_system 1545.703017
STAT curr_items 228
STAT total_items 779
STAT bytes 15525
STAT curr_connections 92
STAT total_connections 1740
STAT connection_structures 165
STAT cmd_get 7411
STAT cmd_set 28445156
STAT get_hits 5183
STAT get_misses 2228
STAT evictions 0
STAT bytes_read 2112768087
STAT bytes_written 1000038245
STAT limit_maxbytes 52428800
STAT threads 1
END
Memory Statistics
You can query the current memory statistics using
stats slabs
Example Output:
STAT 1:chunk_size 80
STAT 1:chunks_per_page 13107
STAT 1:total_pages 1
STAT 1:total_chunks 13107
STAT 1:used_chunks 13106
STAT 1:free_chunks 1
STAT 1:free_chunks_end 12886
STAT 2:chunk_size 100
STAT 2:chunks_per_page 10485
STAT 2:total_pages 1
STAT 2:total_chunks 10485
STAT 2:used_chunks 10484
STAT 2:free_chunks 1
STAT 2:free_chunks_end 10477
[...]
STAT active_slabs 3
STAT total_malloced 3145436
END
If you are unsure if you have enough memory for your memcached instance always look out for the “evictions” counters given by the “stats” command. If you have enough memory for the instance the “evictions” counter should be 0 or at least not increasing.
Which Keys Are Used?
There is no builtin function to directly determine the current set of keys. However you can use the
stats items
command to determine how many keys do exist.
stats items
STAT items:1:number 220
STAT items:1:age 83095
STAT items:2:number 7
STAT items:2:age 1405
[...]
END
This at least helps to see if any keys are used. To dump the key names from a PHP script that already does the memcache access you can use the PHP code from 100days.de.
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.