Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xmsec/redis-ssrf

redis ssrf gopher generater & redis ssrf to rce by master-slave-sync
https://github.com/xmsec/redis-ssrf

Last synced: 22 days ago
JSON representation

redis ssrf gopher generater & redis ssrf to rce by master-slave-sync

Host: GitHub
URL: https://github.com/xmsec/redis-ssrf
Owner: xmsec
License: apache-2.0
Created: 2019-07-20T03:28:55.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2020-10-01T08:08:38.000Z (about 4 years ago)
Last Synced: 2024-08-05T17:36:52.645Z (4 months ago)
Language: Python
Homepage:
Size: 13.7 KB
Stars: 79
Watchers: 1
Forks: 18
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - xmsec/redis-ssrf - redis ssrf gopher generater & redis ssrf to rce by master-slave-sync (Python)

README

        # redis-ssrf

1. ssrf to write files. eg: webshell and ssh key

2. ssrf to rce 4.x - 5.x

## Requirements

ssrf-redis.py :  python2.x 3.x 

rogue-server.py :  python2.x  (lazy

## Usage

implememt for demo.

plz read generate_payload function and change payload.

for rce usage:

1. change lhost, lport and command, then    

`> python ssrf-redis.py`    

`> gopher://xxxxx`     

2. triger ssrf

3. meanwhile on vps    

`> python rogue-server.py`   

`> Accepted connection from 192.168.x.x`

(Need to compile a module named exp.so at first or download other's and store it with rogue-server.py)

## Reference

Inspired by https://github.com/n0b0dyCN/redis-rogue-server

Also, modified from https://xz.aliyun.com/t/5665