Class: Metasploit::Framework::LoginScanner::Redis

Inherits:
Object
  • Object
show all
Includes:
Base, RexSocket, Tcp::Client
Defined in:
lib/metasploit/framework/login_scanner/redis.rb

Overview

This is the LoginScanner class for dealing with REDIS. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

DEFAULT_PORT =
6379
LIKELY_PORTS =
[ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES =
[ 'redis' ]
PRIVATE_TYPES =
[ :password ]
REALM_KEY =
nil

Instance Attribute Summary

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary collapse

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#attempt_login(credential) ⇒ Metasploit::Framework::LoginScanner::Result

This method attempts a single login with a single credential against the target

Parameters:

  • credential (Credential)

    The credential object to attempt to login with

Returns:


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/metasploit/framework/login_scanner/redis.rb', line 37

def (credential)
  result_options = {
    credential: credential,
    status: Metasploit::Model::Login::Status::INCORRECT,
    host: host,
    port: port,
    protocol: 'tcp',
    service_name: 'redis'
  }

  disconnect if self.sock

  begin
    connect
    select([sock], nil, nil, 0.4)

    command = redis_proto(['AUTH', "#{credential.private}"])
    sock.put(command)
    result_options[:proof] = sock.get_once

    # No password      - ( -ERR Client sent AUTH, but no password is set\r\n )
    # Invalid password - ( -ERR invalid password\r\n )
    # Valid password   - (+OK\r\n)

    if result_options[:proof] && result_options[:proof] =~ /but no password is set/i
      result_options[:status] = Metasploit::Model::Login::Status::NO_AUTH_REQUIRED
    elsif result_options[:proof] && result_options[:proof] =~ /^-ERR invalid password/i
      result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
    elsif result_options[:proof] && result_options[:proof][/^\+OK/]
      result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
    end

  rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE => e
    result_options.merge!(
      proof: e,
      status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    )
  end
  disconnect if self.sock
  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end

#redis_proto(command_parts) ⇒ Object

This method can create redis command which can be read by redis server


25
26
27
28
29
30
31
32
# File 'lib/metasploit/framework/login_scanner/redis.rb', line 25

def redis_proto(command_parts)
  return if command_parts.blank?
  command = "*#{command_parts.length}\r\n"
  command_parts.each do |p|
    command << "$#{p.length}\r\n#{p}\r\n"
  end
  command
end