Redis Unauthorized Access Vulnerability: Reproduction and Exploitation Summary


0x01 Introduction to Redis

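Redis is an open-source, networked, in-memory key-value store with optional persistence, written in ANSI C. (It is a BSD-licensed, advanced key-value cache and store.) Since June 2015, Redis development has been sponsored by Redis Labs; from May 2013 to June 2015 it was sponsored by Pivotal, and before May 2013 it was sponsored by VMware. According to the monthly ranking site DB-Engines.com, Redis is the most popular key-value store. Because Redis keys can hold string, hash, list, set, sorted set, bitmap and hyperloglog values, it is often called a data structure server.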

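When misconfigured, Redis can be accessed without authorization. An attacker can reach internal data without authenticating, which can leak sensitive information, and can also maliciously run flushall to wipe all data.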
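The misconfiguration described above can be checked on your own instance by auditing its redis.conf. The following is an added example, not code from the original post: the function names and both sample configurations are constructed for illustration, and it relies only on the standard redis.conf directives bind, protected-mode, requirepass and rename-command.

```python
import ipaddress

# Constructed sample configs (not from the page); the password is a placeholder.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = ('bind 127.0.0.1\nprotected-mode yes\n'
                 'requirepass "placeholder-long-random-secret"\n'
                 'rename-command FLUSHALL ""\n')

def parse_conf(text):
    """Return {directive: [argument lists]} parsed from redis.conf text."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        args = [p.strip("\"'") for p in parts[1:]]
        conf.setdefault(parts[0].lower(), []).append(args)
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # hostname or unparsable value: treat as exposed

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    binds = [a for args in conf.get("bind", []) for a in args]
    pw_args = (conf.get("requirepass") or [[]])[-1]
    has_password = bool(pw_args and pw_args[0])
    pm_args = (conf.get("protected-mode") or [[]])[-1]
    pm_on = (pm_args or ["yes"])[0].lower() == "yes"  # default is yes (3.2+)
    # No bind directive means Redis listens on every interface.
    exposed = not binds or not all(is_loopback(a) for a in binds)
    # Protected mode only restricts clients to loopback when there is
    # no explicit bind directive and no password configured.
    protected = pm_on and not binds and not has_password
    findings = []
    if not has_password:
        findings.append("requirepass is not set")
    if exposed and not has_password and not protected:
        findings.append("unauthenticated clients can connect from the network")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    if "FLUSHALL" not in renamed:
        findings.append("FLUSHALL is not renamed or disabled")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Note that an explicit `bind 0.0.0.0` is still flagged even with `protected-mode yes`, because protected mode does not apply once addresses are bound explicitly.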

0x02 Environment Setup

# Target machine: CentOS 7.0
# Install redis on CentOS
wget http://download.redis.io/releases/redis-3.2.0.tar.gz
tar xzf redis-3.2.0.tar.gz
cd redis-3.2.0
make

0x03 Vulnerability Reproduction

0x04 Troubleshooting

Building Redis-3.2.0 fails with the following error:

make[1]: Entering directory `/home/fanson/redis-3.2.0/src'
    CC adlist.o
In file included from adlist.c:34:0:
zmalloc.h:50:31: fatal error: jemalloc/jemalloc.h: No such file or directory
 #include <jemalloc/jemalloc.h>
compilation terminated.
make[1]: *** [adlist.o] Error 1
make[1]: Leaving directory `/home/fanson/redis-3.2.0/src'
make: *** [all] Error 2

Solution

Allocator

Selecting a non-default memory allocator when building Redis is done by setting the MALLOC environment variable. Redis is compiled and linked against libc malloc by default, with the exception of jemalloc being the default on Linux systems. This default was picked because jemalloc has proven to have fewer fragmentation problems than libc malloc. To force compiling against libc malloc, use:

make MALLOC=libc  

To compile against jemalloc on Mac OS X systems, use:

make MALLOC=jemalloc
