Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Damn Vulnerable Redis Container

It's known there are security issues with running redis without authentication (which is the default behavior). Others have shown exposing redis on a port can lead to RCE (in this example, only if ssh is exposed). Others have also shown you can run Redis commands via CSRF.

This docker image runs Redis and SSH, and provides a CSRF example, which will write your SSH key to the authorized_keys file, even if redis is not exposed, allowing an attacker to log in.


Build the docker image

docker build -t redis .

Run the container, forwarding redis ports and ssh ports (ssh is forwarded onto port 2222 for simplicity)

docker run -p -p -t redis

You should now have redis running on port 6379 and ssh on 2222. Try logging into port 2222 and you should be greeted with a password prompt

$ ssh testuser@localhost -p 2222
testuser@localhost's password: 

Visit in Firefox (not currently sure why this doesn't work in chrome, pull requests welcome), paste your SSH key in, and submit it. You should now be able to log into port 2222 without a password.

$ ssh testuser@localhost -p 2222
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.19.0-65-generic x86_64)

 * Documentation:
Last login: Sun Sep 11 00:59:35 2016 from


Servers or dev machines running Redis unathenticated internally with SSH externally exposed can be compromised by getting a victim to visit a malicious link.


An example of obtaining RCE via Redis and CSRF




No releases published


No packages published