docker搭建redis未授权访问漏洞环境
Posted hell0_w
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker搭建redis未授权访问漏洞环境相关的知识,希望对你有一定的参考价值。
这是redis未授权访问漏洞环境,可以使用该环境练习重置/etc/passwd文件从而重置root密码
环境我已经搭好放在了docker hub
可以使用命令docker search ju5ton1y来搜索该镜像
构建好容器之后需进入容器对ssh服务重启
/etc/init.d/ssh restart
Dockerfile如下:
#Redis is not authorized to access # Base image to use, this nust be set as the first line FROM ubuntu:16.04 # Maintainer: docker_user <docker_user at email.com> (@docker_user) MAINTAINER ju5ton1y RUN echo "deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse" > /etc/apt/sources.list RUN apt-get update RUN apt-get install -y openssh-server make gcc #RUN wget http://download.redis.io/releases/redis-3.2.11.tar.gz COPY redis-3.2.11.tar.gz ./ RUN tar xzf redis-3.2.11.tar.gz RUN cd redis-3.2.11 && make && cd src && cp redis-server /usr/bin && cp redis-cli /usr/bin ADD redis.conf /etc/redis.conf ADD sshd_config /etc/ssh/sshd_config EXPOSE 6379 22 RUN /etc/init.d/ssh restart CMD ["redis-server", "/etc/redis.conf"]
完整项目地址:https://github.com/justonly1/DockerRedis
以上是关于docker搭建redis未授权访问漏洞环境的主要内容,如果未能解决你的问题,请参考以下文章