04-redis未授权扫描模块

发表于 | 分类于 | 阅读数

需要的资料

课程结构

  • shodan被动信息搜集,寻找有redis服务的主机
  • metasploit改插件,判断是否存在redis漏洞
  • 验证漏洞扫描结果
  • 总结

录制的视频

msf开发实践(一)redis未授权扫描模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Redis
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  def initialize(info = {})
    super(update_info(info,
      'Name'         => 'Redis Unauthorized Scanner',
      'Description'  => %q(
        This module finds Redis Unauthorized vulnerability.
      ),
      'Author'       => [ 'weaponmaster3070@gmail.com', 'whale3070' ],
      'License'      => MSF_LICENSE))

    register_options(
      [
        Opt::RPORT(6379),
        OptString.new('COMMAND', [ true, 'The Redis command to run', 'INFO' ])
      ]
    )
  end

  def command
    datastore['COMMAND']
  end

  def run_host(_ip)
    vprint_status("Contacting redis")
    begin
      connect  #Establishes a TCP connection to the specified RHOST/RPORT
      return unless (data = redis_command(command))
      #puts data
      if data["redis_version"]
          report_service(host: rhost, port: rport, name: "redis server", info: "#{command} response: #{data}") #store in the msf database
          print_good("Found redis with #{command} command: #{Rex::Text.to_hex_ascii(data)}")
      else 
          puts '[-]not found redis_Unauthorized' 
      end

    rescue Rex::AddressInUse, Rex::HostUnreachable, Rex::ConnectionTimeout,
           Rex::ConnectionRefused, ::Timeout::Error, ::EOFError, ::Errno::ETIMEDOUT => e
      vprint_error("Error while communicating: #{e}")
    ensure
      disconnect
    end
  end
end

下一步计划

编写weblogic扫描模块