Coder Social home page Coder Social logo

go-derper's Introduction

#1. Name go-derper - Memcache hacking tool #2. Author Marco Slaviero < marco(at)sensepost(dot)com > #3. License, version & release date License : BSD
Version : v1.0
Release Date : 2010

#4. Description go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache.

In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion. #5. Usage Extract contents of a cache (defaults to 10 keys per slab)

./go-derper.rb -l -s < hostname >

Extract contents of a cache, using 100 keys per slab

./go-derper.rb -l -K 100 -s < hostname >

Extract contents of a cache, using 100 keys per slab, print out values matching regexes found regexs.txt

./go-derper.rb -l -K 100 -s < hostname > -R regexs.txt

Write back into the cache, the value stored at output/run5-c4ecee795335e7ef662e661974699448

./go-derper.rb -w output/run5-c4ecee795335e7ef662e661974699448 When writing values into the cache, local paths needs to be resolved. Run go-derper from inside it's own root.

Delete the value stored at output/run5-c4ecee795335e7ef662e661974699448

./go-derper.rb -d output/run5-c4ecee795335e7ef662e661974699448 When deleting values from the cache, local paths needs to be resolved. Run go-derper from inside it's own root.

Pull stats from one cache:

./go-derper.rb -s < hostname > -S

Fingerprint multiple caches:

./go-derper.rb -f < host1 >,< host2 >,...,< hostn >

Fingerprint multiple caches stored in a file (one per line):

./go-derper.rb -F < file >

Monitor a single cache to watch changes:

./go-derper.rb -m -s < hostname >

Pull a single key:

./go-derper.rb -k < keyid > -s < hostname > #6. Requirements

  • Ruby (Tested on 1.8.6)
  • memcache-client gem (gem install memcache-client) Note: we include a modified memcache.rb from memcache-client. Thus parts of this package are subject to their BSD license. See memcache-client-license.txt
  • disk space and bandwidth :)

#7. Additional Resources Blog, BlackHat Write-up: go-derper and mining memcaches - http://www.sensepost.com/blog/4873.html

go-derper's People

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.