RedisConf Lightning talk

1. 1
EV1 SHA
Misadventures in the land of Lua

2. Hi. I’m Adam.

4. @adam_baldwin

6. &

7. &

10. 2.6

11. REDIS LUA ENV IN
_G.__redis__compare_helper() coroutine.status() math.frexp() redis.log() ARGV
_G.assert() coroutine.wrap() math.ldexp() redis.pcall() KEYS
_G.collectgarbage() coroutine.yield() math.log() redis.sha1hex() select
_G.getfenv() debug.debug() math.log10() string.byte() gcinfo
_G.getmetatable() debug.getfenv() math.max() string.char() pairs
_G.newproxy() debug.gethook() math.min() string.dump() rawget
_G.next() debug.getinfo() math.mod() string.find() loadstring
_G.pcall() debug.getlocal() math.modf() string.format() ipairs
_G.print() debug.getmetatable() math.pow() string.gfind() dofile
_G.rawequal() debug.getregistry() math.rad() string.gmatch() setfenv
_G.rawset() debug.getupvalue() math.random() string.gsub() load
_G.setmetatable() debug.setfenv() math.randomseed() string.len() error
_G.tonumber() debug.sethook() math.sin() string.lower()
_G.tostring() debug.setlocal() math.sinh() string.match()
_G.type() debug.setmetatable() math.sqrt() string.rep()
_G.unpack() debug.setupvalue() math.tan() string.reverse()
_G.xpcall() debug.traceback() math.tanh() string.sub()
cjson.decode() math.abs() redis.LOG_DEBUG string.upper()
cjson.encode() math.acos() redis.LOG_NOTICE struct.pack()
cjson.encode_keep_buffer() math.asin() redis.LOG_VERBOSE struct.unpack()
cjson.encode_max_depth() math.atan() redis.LOG_WARNING table.concat()
cjson.encode_number_precision() math.atan2() cmsgpack._COPYRIGHT table.foreach()
cjson.encode_sparse_array() math.ceil() cmsgpack._DESCRIPTION table.foreachi()
cjson.refuse_invalid_numbers() math.cos() _VERSION table.getn()
cmsgpack.pack() math.cosh() math.huge table.insert()
cmsgpack.unpack() math.deg() cjson.null table.maxn()
coroutine.create() math.exp() math.pi table.remove()
coroutine.resume() math.floor() cjson.version table.setn()
coroutine.running() math.fmod() redis.call() table.sort()

12. Available Lua
https://gist.github.com/3924845

14. redis.sh

15. REDIS-SHA-
https://github.com/evilpacket/redis-sha-crack

16. 2 6

17. 1805!

18. 111 | Version 2.4.8
105 | Version 2.4.15
102 | Version 2.4.17
96 | Version 2.2.12
93 | Version 2.4.10
75 | Version 2.4.16
74 | Version 2.4.14
65 | Version 2.4.13
51 | Version 2.2.11
46 | Version 2.4.2

19. bind

20. bind

22. Pure Lua MD5
https://gist.github.com/3647908

23. loadfile()
dofile()
debug.d

24. </
PRESENTATION
@adam_baldwin