banner
毅种循环

毅种循环

头顶铁锅接收宇宙能量
HomeArchivesNFT 展示关于

Spring Boot Dump file dump utilization

#渗透测试112
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The article discusses security issues related to the widespread use of the Spring Boot framework, particularly unauthorized access to heap dump files which can contain sensitive information like database passwords. The Eclipse Memory Analyzer tool and OQL language can be used to analyze heap dump files and search for specific keywords like passwords. The article warns about the potential risks of unauthorized access to heap dump files and recommends caution when handling them.

One, spring boot#

In daily testing or penetration testing, vulnerabilities like shiro and fastjson are becoming less and less common. However, with the widespread use of the spring boot framework, there are also increasing security issues brought by spring boot. This article only introduces the unauthorized access to heapdump to obtain database passwords and achieve the purpose of connecting to the database. For other spring boot security vulnerabilities, please refer to https://xz.aliyun.com/t/7811
Heap Dump, also known as a heap dump file, is a memory snapshot of a Java process at a certain point in time. Heap Dump has multiple types. However, in general, heap dump saves information about Java objects and classes when the snapshot is triggered. Usually, a FullGC is triggered before writing the heap dump file, so the heap dump file contains information about the objects left after FullGC. For more details, please refer to: https://blog.csdn.net/hehmxy/article/details/89114116

Two, unauthorized access#

The security issues caused by unauthorized access to spring boot are still quite serious, and issues like env leakage can even lead to RCE.
During a test, it was discovered that the heapdump file could be downloaded by scanning the directory. By using the mat tool to analyze the heapdump file, sensitive information stored in memory can be obtained.

image
Accessing the file allows for downloading
image

Three, related tools and syntax#

Eclipse Memory Analyzer is a fast and feature-rich Java heap analyzer that can be used to find memory leaks and reduce memory consumption.
Download link: https://www.eclipse.org/mat/

Four, OQL#

OQL is a SQL-like query language used to query the Java heap. OQL allows for filtering/selecting information obtained from the Java heap. Although HAT already supports predefined queries, such as "display all instances of class X", OQL adds more flexibility. OQL is based on the JavaScript expression language.

Five, analyzing heapdump#

Drag the heapdump file into mat, and after analyzing the file, it should look like this
image
But here, pay attention to a pit, it is recommended to decompress the dump file in a different directory, otherwise a bunch of files will be analyzed and returned.

image
Use the OOL button here to query

image

Syntax:

select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("password"))

or:

select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("keyword to query the attribute"))         //1.x
select * from java.util.LinkedHashMap$Entry x WHERE (toString(x.key).contains("password"))          //2.x

image
You can query the database account passwords contained in the memory file, and if the IP address is externally accessible, you can utilize it.

Some GitHub tools already support running shiro keys, so the details of this article are limited.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.