Gopherus – Tool for Exploiting SSRF and gaining RCE

Gopherus SSRF to RCE with Reverse Shell - Tool for Exploiting SSRF and gaining RCE

Gopherus

If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. If you want to brute forcing SSRF parameter you can use the tool called Lorsrf

Payloads

This tool can generate payload for following:

  1. MySQL (Port-3306)
  2. PostgreSQL(Port-5432)
  3. FastCGI (Port-9000)
  4. Memcached (Port-11211)
    • If stored data is getting De-serialized by:
      • Python
      • Ruby
      • PHP
  5. Redis (Port-6379)
  6. Zabbix (Port-10050)
  7. SMTP (Port-25)

Installation

git clone https://github.com/tarunkant/Gopherus.git cd Gopherus chmod +x install.sh

sudo ./install.sh

Usage

CommandDescription
gopherus –help Help
gopherus –exploit Arguments can be :
–exploit mysql
–exploit postgresql
–exploit fastcgi
–exploit redis
–exploit zabbix
–exploit pymemcache
–exploit rbmemcache
–exploit phpmemcache
–exploit dmpmemcache
–exploit smtp
Gopherus Exploit Mysql Database with SSRF - Tool for Exploiting SSRF and gaining RCE

Examples

  • MySQL: If the user is not protected with password you can dump his database and also you can put malicious files in his system.
    • gopherus --exploit mysql

      It only asks username of the MySQL user and it will provide you gopher link.

  • PostgreSQL: If the user is not protected with password you can dump his database and also you can put malicious files in his system.
    • gopherus --exploit postgresql

It only asks username of the Postgres user and database name then it will provide you gopher link.

  • Redis: If redis port is open then we can overwrite the file in the system which is too dangerous.
    So here is two things you can get:
    a. Reverse Shell
    b. PHP Shell
    • gopherus --exploit redis
  • SMTP: If port 25 is open and we can access it then, we can send message to anyone as victim user, So this tool will generate gopher payload for sending mail.
    • gopherus --exploit smtp

Author

Tarunkant Gupta (SpyD3r)


You May Also Like

Leave a Reply

Your email address will not be published.

4 − 3 =