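During one engagement I found a leaked Spring Boot heapdump that could not be opened with the usual MAT analysis tool. While browsing GitHub I came across a fairly good tool that can extract passwords from such a heapdump; its other features are also novel and open up new ways of working with heapdumps.
heapdump_tool: https://github.com/wyzxxz/heapdump_tool
Runtime environment: Java 8
Basic usage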
java -jar heapdump_tool.jar
The output above mentions two modes:
1)(search data, may can't find some data, can't use function num=,len=).
2) (load all object, need wait a few minutes).
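The first mode does not load the objects, so it may lose precision: some data may not be found and some query conditions cannot be used. The second mode loads all objects, so everything in the heapdump can be queried, but loading takes a few minutes. The second mode is the recommended one.
All of the queries below were run after choosing the second (load-all) mode.
Querying passwords
Querying key-related content
This feature can find not only whether storage-bucket private keys are present, but also the private keys the application uses for encryption.
Query: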
> secret
[-] Start find keyword: secret
>> Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.5.4 -> PBEWITHMD2ANDRC2
>> Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.11 -> PBEWITHSHA1ANDRC2
>> SecretKeyFactory.DES -> com.sun.crypto.provider.DESKeyFactory
>> Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.5.11 -> PBEWITHSHA1ANDRC2
>> Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.3 -> PBEWithMD5AndDES
>> Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC -> PBEWITHMD2ANDDES
>> SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL -> org.bouncycastle.jcajce.provider.symmetric.AES$PBEWithMD5And256BitAESCBCOpenSSL
>> javax/crypto/SecretKey.class -> null
>> SecretKeyFactory.CAMELLIA -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyFactory
>> SecretKeyFactory.PBEWithHmacSHA512AndAES_128 -> com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128
>> Alg.Alias.SecretKeyFactory.OID.1.2.410.200046.1.1.12 -> ARIA
>> Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.1 -> PBEWITHMD2ANDDES
>> SecretKeyFactory.PBEWithMD5AndTripleDES -> com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES
>> SecretKeyFactory.PBKDF2WITHHMACSHA384 -> org.bouncycastle.jcajce.provider.symmetric.PBEPBKDF2$PBKDF2withSHA384
>> sun/security/internal/spec/TlsMasterSecretParameterSpec.class -> null
>> SecretKeyFactory.OID.1.3.6.1.4.1.11591.4.11 -> org.bouncycastle.jcajce.provider.symmetric.SCRYPT$ScryptWithUTF8
>> Alg.Alias.SecretKeyFactory.OID.1.3.6.1.4.1.22554.1.2.1.2.1.42 -> PBEWITHSHA256AND256BITAES-CBC-BC
>> com/sun/crypto/provider/TlsMasterSecretGenerator$TlsMasterSecretKey.class -> null
>> SecretKeyFactory.PBKDF2WITHASCII -> org.bouncycastle.jcajce.provider.symmetric.PBEPBKDF2$PBKDF2with8BIT
>> Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.12.1.1 -> PBEWithSHA1AndRC4_128
>> SecretKeyFactory.OID.2.16.840.1.101.3.4.1 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyFactory
>> Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.12.1.6 -> PBEWithSHA1AndRC2_40
>> Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC -> PBEWITHSHAAND192BITAES-CBC-BC
>> Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5 -> PBEWithSHA1AndRC2_128
>> javax/crypto/SecretKeyFactorySpi.class -> null
>> com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.class -> null
>> SecretKeyFactory.PBEWithSHA1AndRC2_40 -> com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40
>> SecretKeyFactory.PBKDF2WITHHMACSHA3-256 -> org.bouncycastle.jcajce.provider.symmetric.PBEPBKDF2$PBKDF2withSHA3_256
>> SecretKeyFactory.PBKDF2WITHHMACSHA512 -> org.bouncycastle.jcajce.provider.symmetric.PBEPBKDF2$PBKDF2withSHA512
>> SecretKeyFactory.PBEWithHmacSHA224AndAES_256 -> com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256
>> Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12 -> PBKDF2WithHmac
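Almost every hit in the output above is a JCA provider registration or a class-index entry, not an application secret. The following is an added example, not part of the original post or of heapdump_tool: a small triage script that separates that noise from entries that need review and credential rotation. The `app.jwt.secret` property and its value are hypothetical, constructed for the sample.

```python
import re

# Line shape printed by the keyword search above: ">> key -> value"
HIT = re.compile(r"^>>\s+(?P<key>.+?)\s+->\s*(?P<value>.*)$")

# Key patterns seen in the output above that come from the JCA provider
# registry or the class index rather than from application configuration.
NOISE = (
    re.compile(r"^(Alg\.Alias\.)?SecretKeyFactory\."),
    re.compile(r"\.class$"),
)

# Constructed sample: three lines copied from the output above plus one
# hypothetical application property (app.jwt.secret) with a made-up value.
SAMPLE = """\
> secret
[-] Start find keyword: secret
>> Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.5.4 -> PBEWITHMD2ANDRC2
>> SecretKeyFactory.DES -> com.sun.crypto.provider.DESKeyFactory
>> javax/crypto/SecretKey.class -> null
>> app.jwt.secret -> CONSTRUCTED-EXAMPLE-VALUE
"""

def parse_hits(text):
    """Return (key, value) pairs for every '>> key -> value' line."""
    matches = (HIT.match(line.strip()) for line in text.splitlines())
    return [(m.group("key"), m.group("value")) for m in matches if m]

def triage(text):
    """Split hits into provider/class noise and entries needing review."""
    noise, review = [], []
    for key, value in parse_hits(text):
        is_noise = any(p.search(key) for p in NOISE)
        (noise if is_noise else review).append((key, value))
    return noise, review

def redact(value, keep=2):
    """Mask a value for a report, keeping only its first `keep` characters."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print(f"{len(noise)} provider/class entries ignored")
    for key, value in review:
        print(f"ROTATE AND REVIEW: {key} = {redact(value)}")
```
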