redis漏洞如何查找 redis漏洞汇总

主机教程 建站分享 2年前 (2022-12-20) 186次浏览

文章摘要:redis漏洞如何查找 redis漏洞汇总

redis漏洞的查找方法: Redis未授权检测小工具,代码: #!/usr/bin/python3 # -* […]

redis漏洞的查找方法:

Redis未授权检测小工具,代码:

#!/usr/bin/python3

# -*- coding: utf-8 -*-

"""

@Author: r0cky

@Time: 2019/9/2-17:35

"""

import socket

import sys

passwds = ['redis','root','oracle','password','p@ssw0rd','abc123!','123456','admin','abc123']

def check(ip, port, timeout):

try:

socket.setdefaulttimeout(timeout)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

print u"[INFO] connecting " + ip + u":" + port

s.connect((ip, int(port)))

print u"[INFO] connected "+ip+u":"+port+u" hacking..."

s.send("INFO
")

result = s.recv(1024)

if "redis_version" in result:

return u"[HACKED] 未授权访问"

elif "Authentication" in result:

for passwd in passwds:

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((ip, int(port)))

s.send("AUTH %s
" %(passwd))

# print u"[HACKING] hacking to passwd --> "+passwd

result = s.recv(1024)

if 'OK' in result:

return u"[HACKED] 存在弱口令,密码:%s" % (passwd)

s.close()

except Exception, e:

if len(e.message) != 0:

print u"[ERROR] "+e.message

return u"[INFO] 目标Redis服务,暂不存在未授权和弱口令漏洞!"

if __name__ == '__main__':

ip=sys.argv[1]

# default Port

port="6379"

if len(sys.argv) >= 3:

port=sys.argv[2]

result = check(ip,port, timeout=10)

print result

if "HACKED" in result:

print u"[END] Start your hacking journey !!!"

使用方法:

在客户端输入格式如:”python27 redis_scan.py [目标IP] [指定端口](可以不写)“。


声明:
若非注明,本站文章源于互联网收集整理和网友分享发布,如有侵权,请联系站长处理。
文章名称:redis漏洞如何查找 redis漏洞汇总
文章链接:http://www.7966.org/post/16997.html
转载请注明出处

喜欢 (0)