Gopherus: generates gopher link for exploiting SSRF and gaining RCE

Gopherus

If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server.
And you can get a blog on the same Blog on Gopherus

This tool can generate payload for following:

  1. MySQL (Port-3306)
  2. FastCGI (Port-9000)
  3. Memcached (Port-11211)
    If stored data is getting De-serialized by:
    * Python
    * Ruby
    * PHP
  4. Redis (Port-6379)
  5. Zabbix (Port-10050)
  6. SMTP (Port-25)

Installation

git clone https://github.com/tarunkant/Gopherus.git
cd Gopherus
chmod +x install.sh
sudo ./install.sh

Usage

CommandDescription
gopherus –helpHelp
gopherus –exploitArguments can be :
–exploit mysql
–exploit fastcgi
–exploit redis
–exploit zabbix
–exploit pymemcache
–exploit rbmemcache
–exploit phpmemcache
–exploit dmpmemcache
–exploit smtp

Gopherus

Tutorial

Copyright (c) 2018 Tarunkant Gupta

Source: https://github.com/tarunkant/

 

Read more…

 

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

Leave a Reply

SC ProDefence SRL - Cyber Security Services