From b0e45341e5fb24e27afe563a10e26efa64a902f1 Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Wed, 31 Aug 2016 14:27:18 -0700 Subject: [PATCH] Update redis file_upload to optionally FLUSHALL before writing This increases the chances that the uploaded file will be usable as-is rather than being surround by the data in redis itself. --- modules/auxiliary/scanner/redis/file_upload.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/redis/file_upload.rb b/modules/auxiliary/scanner/redis/file_upload.rb index fcdf313df9..56da8a1937 100644 --- a/modules/auxiliary/scanner/redis/file_upload.rb +++ b/modules/auxiliary/scanner/redis/file_upload.rb @@ -40,7 +40,8 @@ class MetasploitModule < Msf::Auxiliary [ OptPath.new('LocalFile', [false, 'Local file to be uploaded']), OptString.new('RemoteFile', [false, 'Remote file path']), - OptBool.new('DISABLE_RDBCOMPRESSION', [true, 'Disable compression when saving if found to be enabled', true]) + OptBool.new('DISABLE_RDBCOMPRESSION', [true, 'Disable compression when saving if found to be enabled', true]), + OptBool.new('FLUSHALL', [true, 'Run flushall to remove all redis data before saving', false]) ] ) end @@ -83,6 +84,13 @@ class MetasploitModule < Msf::Auxiliary end end + if datastore['FLUSHALL'] + data = redis_command('FLUSHALL') + unless data.include?('+OK') + print_warning("#{peer} -- failed to flushall(); continuing") + end + end + # set a key in this db that contains our content # XXX: this does not work well (at all) if the content we are uploading is # multiline. It also probably doesn't work well if the content isn't