Skip to content

hackzaid/go-derper

 
 

Repository files navigation

#1. Name go-derper - Memcache hacking tool #2. Author Marco Slaviero < marco(at)sensepost(dot)com > #3. License, version & release date License : BSD
Version : v1.0
Release Date : 2010

#4. Description go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache.

In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion. #5. Usage Extract contents of a cache (defaults to 10 keys per slab)

./go-derper.rb -l -s < hostname >

Extract contents of a cache, using 100 keys per slab

./go-derper.rb -l -K 100 -s < hostname >

Extract contents of a cache, using 100 keys per slab, print out values matching regexes found regexs.txt

./go-derper.rb -l -K 100 -s < hostname > -R regexs.txt

Write back into the cache, the value stored at output/run5-c4ecee795335e7ef662e661974699448

./go-derper.rb -w output/run5-c4ecee795335e7ef662e661974699448 When writing values into the cache, local paths needs to be resolved. Run go-derper from inside it's own root.

Delete the value stored at output/run5-c4ecee795335e7ef662e661974699448

./go-derper.rb -d output/run5-c4ecee795335e7ef662e661974699448 When deleting values from the cache, local paths needs to be resolved. Run go-derper from inside it's own root.

Pull stats from one cache:

./go-derper.rb -s < hostname > -S

Fingerprint multiple caches:

./go-derper.rb -f < host1 >,< host2 >,...,< hostn >

Fingerprint multiple caches stored in a file (one per line):

./go-derper.rb -F < file >

Monitor a single cache to watch changes:

./go-derper.rb -m -s < hostname >

Pull a single key:

./go-derper.rb -k < keyid > -s < hostname > #6. Requirements

  • Ruby (Tested on 1.8.6)
  • memcache-client gem (gem install memcache-client) Note: we include a modified memcache.rb from memcache-client. Thus parts of this package are subject to their BSD license. See memcache-client-license.txt
  • disk space and bandwidth :)

#7. Additional Resources Blog, BlackHat Write-up: go-derper and mining memcaches - http://www.sensepost.com/blog/4873.html

About

Memcache hacking tool.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%