Cracking X-Pack on Elasticsearch


Elasticsearch installation path

/home/elastic/elasticsearch-7.5.1/

File

/home/elastic/elasticsearch-7.5.1/modules/x-pack-core/x-pack-core-7.5.1.jar

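1. Download the Luyten decompiler

Cracking x-pack-core-7.5.1.jar requires the decompiler Luyten (https://github.com/deathmarine/Luyten/releases), which can be downloaded from that address.
Here we download the Windows build, Luyten.exe. Open it and drag x-pack-core-7.5.1.jar into the window to expand the source code of the jar.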

2. Modify the X-Pack source files

Two files have to be extracted in Luyten and modified: org.elasticsearch.license.LicenseVerifier and org.elasticsearch.xpack.core.XPackBuild.

Export LicenseVerifier.class as the source file LicenseVerifier.java, and export XPackBuild.class as the source file XPackBuild.java.

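1. Modify LicenseVerifier.java

LicenseVerifier has two static methods, which verify whether the license file is valid. Change both so that they always return true.

The modified file is as follows: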

package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        return true;
    }
    
    public static boolean verifyLicense(final License license) {
        return true;
    }
}

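2. Modify XPackBuild.java

In the last static block of XPackBuild, delete the whole try section; this part verifies whether the jar has been modified.

The modified file is as follows: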

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;
    
    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }
    
    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }
    
    public String shortHash() {
        return this.shortHash;
    }
    
    public String date() {
        return this.date;
    }
    
    static {
        CURRENT = new XPackBuild("Unknown", "Unknown");
    }
}

Or like this:

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;
    
    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }
    
    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }
    
    public String shortHash() {
        return this.shortHash;
    }
    
    public String date() {
        return this.date;
    }
    
    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

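3. Generate the .class files

Once LicenseVerifier.java and XPackBuild.java have been modified, copy them to the Elasticsearch server, compile them into class files, and package those into x-pack-core-7.5.1.jar. Here the two files were placed in /opt.

# Generate LicenseVerifier.class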
javac -cp "$ELASTIC_HOME/lib/elasticsearch-7.5.1.jar:$ELASTIC_HOME/lib/lucene-core-8.1.0.jar:$ELASTIC_HOME/modules/x-pack-core/x-pack-core-7.5.1.jar:$ELASTIC_HOME/modules/x-pack-core/netty-common-4.1.36.Final.jar:$ELASTIC_HOME/lib/elasticsearch-core-7.5.1.jar" /opt/LicenseVerifier.java

# Generate XPackBuild.class
javac -cp "$ELASTIC_HOME/lib/elasticsearch-7.5.1.jar:$ELASTIC_HOME/lib/lucene-core-8.1.0.jar:$ELASTIC_HOME/modules/x-pack-core/x-pack-core-7.5.1.jar:$ELASTIC_HOME/lib/elasticsearch-core-7.5.1.jar" /opt/XPackBuild.java

# Check the compiled files
LicenseVerifier.class
XPackBuild.class

4. Replace LicenseVerifier.class and XPackBuild.class

Copy x-pack-core-7.5.1.jar out of $ELASTIC_HOME/modules/x-pack-core/ into the /opt/tmp directory.

cp $ELASTIC_HOME/modules/x-pack-core/x-pack-core-7.5.1.jar /opt/tmp
cd /opt/tmp
# Unpack x-pack-core-7.5.1.jar
jar -xvf x-pack-core-7.5.1.jar

# Replace the .class files
cp /opt/XPackBuild.class /opt/tmp/org/elasticsearch/xpack/core/
cp /opt/LicenseVerifier.class /opt/tmp/org/elasticsearch/license/

5. Package the new x-pack-core-7.5.1.jar

cd /opt/tmp
rm -rf x-pack-core-7.5.1.jar   # delete the original jar that was copied in temporarily
jar cvf x-pack-core-7.5.1.jar .

At this point a new x-pack-core-7.5.1.jar has been created in /opt/tmp; this is the cracked file.

6. Replace x-pack-core-7.5.1.jar

Replace it on all three nodes of the cluster:
cp /opt/tmp/x-pack-core-7.5.1.jar $ELASTIC_HOME/modules/x-pack-core/

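7. Apply for a license

After completing the steps above, you still need to apply for a license on the Elastic website (License address). The downloaded license is in JSON format. Change its type, expiry_date_in_millis and max_nodes to platinum, 2524579200999 and 1000 respectively, as follows: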

{"license":
    {
        "uid":"537c5c48-c1dd-43ea-ab69-68d209d80c32",
        "type":"platinum",
        "issue_date_in_millis":1558051200000,
        "expiry_date_in_millis":2524579200999,
        "max_nodes":1000,
        "issued_to":"hkd",
        "issuer":"Web Form",
        "signature":"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",
        "start_date_in_millis":1558051200000
    }
}

Save the file as license.json.

The expiry time is set to 2049 and type is changed to platinum, so that all X-Pack features are available.

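8. Configure Elasticsearch security

After completing all of the above and before starting Elasticsearch, SSL/TLS has to be configured for Elasticsearch. If it is not configured, security must be disabled before the license can be installed.

Once the license has been installed, security is turned back on and SSL/TLS is enabled.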

echo "xpack.security.enabled: false" >> $ELASTIC_HOME/config/elasticsearch.yml
Restart after making the change.

9. Load the license into Elasticsearch

Import the license on all three nodes of the cluster:
curl -XPUT 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
{"acknowledged":true,"license_status":"valid"}
# the license was written successfully
# the following messages can be seen in the ES log:
license [65eafbab-c360-4f64-900d-449499b3d530] mode [basic] - valid
Active license is now [BASIC]; Security is disabled
license [537c5c48-c1dd-43ea-ab69-68d209d80c32] mode [platinum] - valid
Active license is now [PLATINUM]; Security is enabled

However, querying the license information again returns an error, because SSL/TLS has not been enabled.

# Enable SSL/TLS and turn authentication on
echo "xpack.security.enabled: true" >> $ELASTIC_HOME/config/elasticsearch.yml
echo "xpack.security.transport.ssl.enabled: true" >> $ELASTIC_HOME/config/elasticsearch.yml
# Restart the ES service
# To reset the passwords, set them manually:
./bin/elasticsearch-setup-passwords interactive
# Generate the passwords automatically:
./bin/elasticsearch-setup-passwords auto
future versions of Elasticsearch will require Java 11; your Java version from [/data/soft/jdk1.8.0_181/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = YkON09CAvfqkFLDVGbVI

Changed password for user kibana
PASSWORD kibana = OkmimJjixELhLgbq03rI

Changed password for user logstash_system
PASSWORD logstash_system = Secl1Dm9CwslxbESCZcH

Changed password for user beats_system
PASSWORD beats_system = U5JfrOmHMj39UCFkw8ei

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = ej8swTghWg8PT84WPeet

Changed password for user elastic
PASSWORD elastic = cBBC2wUJQz2fhVFrYUsF

10. View the license

curl -XGET -u elastic:cBBC2wUJQz2fhVFrYUsF http://192.168.1.234:9200/_license
{
  "license" : {
    "status" : "active",
    "uid" : "f6455e7e-4a45-43c5-b8b9-c80b06a7c661",
    "type" : "basic",
    "issue_date" : "2020-04-20T03:27:50.641Z",
    "issue_date_in_millis" : 1587353270641,
    "max_nodes" : 1000,
    "issued_to" : "es-itcast-cluster",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

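The result shows that the X-Pack expiry date is 2049-12-31, so the crack is complete. The details can also be viewed in the management section of the Kibana web interface.

Kibana steps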

cat  config/kibana.yml
server.port: 5601
server.host: "192.168.1.234"
elasticsearch.hosts: ["http://192.168.1.234:9200","http://192.168.1.233:9200","http://192.168.1.240:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "OkmimJjixELhLgbq03rI"
i18n.locale: "zh-CN"

Log in to the Kibana page.

