Fix issue in Redis modules when run against authenticated instances #15114

Merged
merged 1 commit into from
Apr 29, 2021


smashery
Contributor

@smashery smashery commented Apr 29, 2021

Redis modules that use the redis_command method fail when authentication is present on the Redis instance. By adding in extra error logging, we can see the cause:

msf6 auxiliary(scanner/redis/file_upload) > run

[-] 127.0.0.1:6379        - Auxiliary failed: NameError undefined local variable or method `auth_response' for #<Msf::Modules::Auxiliary__Scanner__Redis__File_upload::MetasploitModule:0x000055b2fe31c638>
Did you mean?  author_to_s
[-] 127.0.0.1:6379        - Call stack:
[-] 127.0.0.1:6379        -   /home/smash/git/metasploit-framework/lib/msf/core/auxiliary/redis.rb:57:in `redis_command'
[-] 127.0.0.1:6379        -   /home/smash/git/metasploit-framework/modules/auxiliary/scanner/redis/file_upload.rb:122:in `check'
[-] 127.0.0.1:6379        -   /home/smash/git/metasploit-framework/modules/auxiliary/scanner/redis/file_upload.rb:158:in `run_host'
[-] 127.0.0.1:6379        -   /home/smash/git/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:121:in `block (2 levels) in run'
[-] 127.0.0.1:6379        -   /home/smash/git/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

This was a result of moving the regex into a constant, which broke named captures:

20f4050#diff-93e4bb8f08966b468043dde216d65c0afa081c6e530193b2e6578b96e8aa8103

The named regex capture no longer worked since it was moved into a constant value.
@smashery smashery added the bug label Apr 29, 2021
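
The Ruby behaviour behind this failure, shown as an added example that is not part of the pull request or the Metasploit source: named groups become local variables only when a regex literal is the left operand of `=~`. The constant `AUTH_REQUIRED`, the helper names, the pattern and the sample replies are constructed for illustration; only the capture name `auth_response` comes from the error above.

```ruby
# Constructed pattern and replies for illustration; not copied from Metasploit.
AUTH_REQUIRED = /(?<auth_response>NOAUTH Authentication required|ERR operation not permitted)/i
NOAUTH_REPLY = "-NOAUTH Authentication required.\r\n" # password-protected server
OPEN_REPLY   = "+PONG\r\n"                             # server without a password

# Regex literal as the left operand of =~: the parser declares a local
# variable for every named group, so auth_response is readable afterwards.
def literal_capture(reply)
  if /(?<auth_response>NOAUTH Authentication required|ERR operation not permitted)/i =~ reply
    auth_response
  end
end

# Same pattern through a constant: the match still succeeds, but no local
# is declared, so the bare name is looked up as a method and raises NameError.
# The error only appears when the reply matches, i.e. when auth is required.
def constant_capture_broken(reply)
  if AUTH_REQUIRED =~ reply
    auth_response
  end
end

# Constant-friendly form: read the named group from the MatchData object.
def constant_capture_fixed(reply)
  match = AUTH_REQUIRED.match(reply)
  match && match[:auth_response]
end

# Run one helper and report either its return value or the error raised.
def outcome(helper, reply)
  send(helper, reply).inspect
rescue NameError => e
  "#{e.class}: #{e.name}"
end

if __FILE__ == $PROGRAM_NAME
  %i[literal_capture constant_capture_broken constant_capture_fixed].each do |helper|
    puts "#{helper}: auth=#{outcome(helper, NOAUTH_REPLY)} open=#{outcome(helper, OPEN_REPLY)}"
  end
end
```

Because the broken form raises only when the pattern matches, a test run against a Redis instance without a password never reaches the failing line.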
@smashery
Contributor Author

To reproduce the issue, create a redis service with a password. An easy way to do that is using the Redis docker container:

docker run -d -p 6379:6379 --name redis redis --requirepass abcde

Then in MSF:

> use auxiliary/gather/redis_extractor
> set rhosts localhost
> set password abcde
> run

@adfoster-r7
Contributor

Tested with scanner/redis/file_upload and auxiliary/gather/redis_extractor, and it's working great - thanks! 👍

@adfoster-r7 adfoster-r7 merged commit 5f57a1a into rapid7:master Apr 29, 2021
@adfoster-r7
Contributor

adfoster-r7 commented Apr 29, 2021

Release Notes

Updated the auxiliary/scanner/redis/file_upload module to correctly handle Redis instances which require authenticated access.

@adfoster-r7 adfoster-r7 added the rn-fix release notes fix label Apr 29, 2021
@smashery smashery deleted the redis_auth_fix branch November 8, 2021 04:53