Fix Redis Service Reporting #19283
Conversation
@adeherdt-r7 Looks like this is missing parts of the PR template, specifically the replication steps - which is useful for future travellers to understand more about how to set up their environment for testing and verifying the issue: https://github.com/rapid7/metasploit-framework/blob/master/.github/PULL_REQUEST_TEMPLATE.md Does this PR need to make changes to the existing automated tests to verify this change in behavior too? 👀
It'd be great to squash down the commits too as part of this PR to help clean up things a bit; the rationale being, some of the later commits are undoing work from the previous commits - so they could just be merged to help tidy things up 👍
Updated the template usage for the pull request description.
2b0a95e to a640b59
I updated the verification steps a bit in the description
No auth 🟢
Auth 🔴
The auth scenario being broken is not a blocker for me as it's unrelated; and we can circle back to that. We do have better testing infrastructure available to us now, so we can fix this up and add integration tests separately. Edit: Looks like this introduces a regression even after the above is fixed, so we'll want to fix this PR
Fixing the creds collection exception; gives me exceptions against a newer redis version due to status being nil:
Putting a breakpoint into validate_login shows
Which causes an NPE in the module:
On the strip here:
Waiting on #19284 to be merged down to resolve the password problems.
a1eb197 to 8eeaf1b
Updated the pull request description with examples, rebased to pull in the fixes and address the code concerns.
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
8eeaf1b to 51176e7
No auth 🟢
Valid cred 🟢
Invalid cred 🟢
Services 🍏
We don't store
Release notes
Fixes the
@@ -158,7 +160,9 @@ def report_vuln(opts) | |||
sname = opts[:proto] | |||
end | |||
|
|||
service = host.services.where(port: opts[:port].to_i, proto: proto).first_or_create | |||
services = host.services.where(port: opts[:port].to_i, proto: proto) | |||
services = services.where(name: sname) if sname.present? |
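Review bot: the new `services = services.where(name: sname) if sname.present?` narrows the lookup so that an existing row for the same port and proto whose name is nil (or differs) no longer matches; whatever create call then follows on the `services` scope will insert a second service row for the same port/proto instead of naming the existing one, and a later call without `sname` would match either row. The visible lines also stop before the line that consumes `services`, so the create path that replaces the removed `first_or_create` is not in the hunk. Consider looking up by port/proto only and setting `name` on the found-or-created record when it is nil and `sname` is present, and adding a spec covering the existing-service-with-nil-name case.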
We might need to change this again in the future; if multiple calls to this API have different snames present, odd behavior may occur.
Yeah, I'm actually wondering if this is closer to what we want:
```ruby
Mdm::Host.first.services.where(port: 6379, proto: 'tcp').first_or_create(name: 'redis')
```
So we still want to support a generic lookup of not needing to provide sname, but still being able to assign a service name to a created service if it's not already created.
Although that still doesn't handle the scenario of an existing service with a nil name being present, and a caller having a valid sname that it could be set to. So maybe there isn't a nice one-liner that would work here.
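To make the trade-off in the two comments above concrete, here is an added example (not code from the PR or from metasploit-framework) that runs the two lookup strategies against an in-memory stand-in for `Mdm::Host#services`: `Service`, `FakeHost`, `report_service_scoped_by_name`, `report_service_backfill` and `compare_strategies` are all constructed for this illustration, and the starting state (one unnamed 6379/tcp row) is a constructed sample.

```ruby
# In-memory stand-in for an Mdm::Service row and a host's services association,
# so the lookup semantics can be compared without a database.
Service = Struct.new(:port, :proto, :name)

class FakeHost
  attr_reader :services
  def initialize
    @services = []
  end
end

def present?(value)
  !value.nil? && !value.empty?
end

# Strategy from the hunk: scope the lookup by name when sname is given, then
# return the first match or create one. An existing unnamed row for the same
# port/proto does not match the scoped query, so a second row is inserted.
def report_service_scoped_by_name(host, port:, proto:, sname: nil)
  matches = host.services.select { |s| s.port == port && s.proto == proto }
  matches = matches.select { |s| s.name == sname } if present?(sname)
  return matches.first if matches.first
  host.services << Service.new(port, proto, sname)
  host.services.last
end

# Alternative discussed in the review: look up by port/proto only, create with
# the name when nothing exists, and backfill a nil name on an existing row.
def report_service_backfill(host, port:, proto:, sname: nil)
  svc = host.services.find { |s| s.port == port && s.proto == proto }
  if svc.nil?
    svc = Service.new(port, proto, sname)
    host.services << svc
  elsif svc.name.nil? && present?(sname)
    svc.name = sname
  end
  svc
end

# Run both strategies from the same starting state and return the resulting
# service names per strategy, e.g. [nil, "redis"] versus ["redis"].
def compare_strategies
  %i[report_service_scoped_by_name report_service_backfill].to_h do |strategy|
    host = FakeHost.new
    host.services << Service.new(6379, 'tcp', nil) # constructed: unnamed row
    send(strategy, host, port: 6379, proto: 'tcp', sname: 'redis')
    [strategy, host.services.map(&:name)]
  end
end
```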
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
Verification
List the steps needed to make sure this thing works
Run redis in docker without auth:
If needing to configure redis for auth:
```
msfconsole
use auxiliary/scanner/redis/redis_login
run RHOSTS=127.0.0.1                                        # if no auth
run RHOSTS=127.0.0.1 username=default password=p4$$w0rd     # if auth enabled
```