V2AS问路
ElasticSearch7.3破解
阅读原文时间:2023年07月08日阅读:1

正常部署ELK7到服务器上,先不要启动。然后开始进行破解操作

需要破解的文件:modules/x-pack-core/x-pack-core-7.3.0.jar

用来反编译jar的工具:IDEA或者Luyten

x-pack从6.0开始,已经内置在了Elasticsearch中,只需要配置开启就可以使用(30天的试用期)

如果Mac使用Luyten,则需要安装JDK8版本 其他版本可能会导致打不开

需要修改x-pack的相关源码的文件

x-pack的lisence的校验主要是这两个文件

  1. 验证licence是否有效:org.elasticsearch.license.LicenseVerifier
  2. 验证jar包是否被修改:org.elasticsearch.xpack.core.XPackBuild

先用Luyten打开jar包,找到这两个文件LicenseVerifier.classXPackBuild.class,另存为后缀改成.java(LicenseVerifier.javaXPackBuild.java)

修改LicenseVerifier.java

直接修改两个静态方法,返回true

package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

修改XPackBuild.java

最后一个静态代码块中 try的部分全部删除

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
            // if (path.toString().endsWith(".jar")) {
            //     try {
            //         final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
            //         try {
            //             final Manifest manifest = jar.getManifest();
            //             shortHash = manifest.getMainAttributes().getValue("Change");
            //             date = manifest.getMainAttributes().getValue("Build-Date");
            //             jar.close();
            //         }
            //         catch (Throwable t) {
            //             try {
            //                 jar.close();
            //             }
            //             catch (Throwable t2) {
            //                 t.addSuppressed(t2);
            //             }
            //             throw t;
            //         }
            //         break Label_0109;
            //     }
            //     catch (IOException e) {
            //         throw new RuntimeException(e);
            //     }
            // }
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

重新编译生成.class文件

cd ${ES_home_dir}/modules/x-pack-core
# 将文件备份一下
cp x-pack-core-7.3.0.jar x-pack-core-7.3.0.jar_bak
# 将jar包拷贝到/opt下进行文件替换操作
cp x-pack-core-7.3.0.jar /opt/

ES_home_dir='/data/local/elasticsearch'
# 生成LicenseVerifier.class文件
javac -cp "${ES_home_dir}/lib/elasticsearch-7.3.0.jar:${ES_home_dir}/lib/lucene-core-8.1.0.jar:${ES_home_dir}/modules/x-pack-core/x-pack-core-7.3.0.jar:${ES_home_dir}/modules/x-pack-core/netty-common-4.1.36.Final.jar:${ES_home_dir}/lib/elasticsearch-core-7.3.0.jar" /root/LicenseVerifier.java
# 生成XPackBuild.class文件
javac -cp "${ES_home_dir}/lib/elasticsearch-7.3.0.jar:${ES_home_dir}/lib/lucene-core-8.1.0.jar:${ES_home_dir}/modules/x-pack-core/x-pack-core-7.3.0.jar:${ES_home_dir}/lib/elasticsearch-core-7.3.0.jar" /root/XPackBuild.java

# 编译成功后,可以在/root下查看到class文件  这里看你的.java文件在哪里放着
ll /root/*.class
-rw-r--r--. 1 root root  410 Sep 27 09:58 /root/LicenseVerifier.class
-rw-r--r--. 1 root root 1512 Sep 27 10:01 /root/XPackBuild.class

替换.class文件, 并替换jar包

将上边两个修改后的文件,上传到ES服务器上,替换x-pack-core-7.3.0.jar中的源文件

cd /opt

# 查看两个文件在jar包中的位置
jar -tvf x-pack-core-7.3.0.jar | grep LicenseVerifier
  4786 Wed Jul 24 18:31:58 UTC 2019 org/elasticsearch/license/LicenseVerifier.class
jar -tvf x-pack-core-7.3.0.jar | grep XPackBuild
  2893 Wed Jul 24 18:31:58 UTC 2019 org/elasticsearch/xpack/core/XPackBuild.class

# 解压jar包
jar -xvf x-pack-core-7.3.0.jar
rm -f x-pack-core-7.3.0.jar
# 替换class
cp /root/LicenseVerifier.class org/elasticsearch/license/
cp /root/XPackBuild.class org/elasticsearch/xpack/core/
# 重新打包成jar包
jar cvf x-pack-core-7.3.0.jar .

cp x-pack-core-7.3.0.jar ${ES_home_dir}/modules/x-pack-core/

此处注意,查看替换后的jar包属主属组是否为启动elasticsearch的用户。一般来说不会变化,但是确认一遍最好

如果ELK是集群形式部署的,那么所有的ES服务器上都要替换这个文件。直接cp过去替换就可以

申请License

完成以上修改jar包操作后,去ES官网申请一个License,申请地址。然后注册下来后,会给一个License,是个json格式的,可以手动修改typeexpiry_date_in_millismax_nodes分别修改成platinum(白金版)、2524579200999(过期时间)、1000(最大node节点数量)。

许可证书分有三类GOLD(黄金),PLATINUM(白金),ENTERPRISE(企业). 白金版就可使用所有的x-pack功能

{
  "license": {
    "uid": "40d50156-1e84-41c0-ab11-f72d3135c03b",
    "type": "platinum",
    "issue_date_in_millis": 1601164800000,
    "expiry_date_in_millis": 2524579200999,
    "max_nodes": 1000,
    "issued_to": "kaku moe (Neo)",
    "issuer": "Web Form",
    "signature": "AAAAAwAAAA0jo3zeAbYjqQ2OReAtAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAzFCGOyPC+uYxW7sGJWRYeVvmuwbR/Et7JhbLUKJLZ0UB5bXYDAyS3QMWWmUA31UKyp8w99J8N5gWZXgBTzVXF0VGyvtg6Ox5e+U68f9D1tBjM7r6asgDql7W6fzqgjm4lPQLGVJ1+kycxR1WTZ990QjfZ7eq3cb7nbj3BlszcCQ1b5vzhVmYdktSpL7D4zM1HXAmor7PQO+APt/r2kvRiaqF9rxj5pki73dWxdUkxEIM1gL3QkfVXeT+GRwUPXwnFonaWDSG8abEZ7GNpLB3SzufeKByerhPkKmQBJRaKeD3eTuk57EPzTzZtksxfDUfOKeHynQsHLIIShzC89gDq",
    "start_date_in_millis": 1601164800000
  }
}

文件存为license.json

导入License

  • 首先,编辑config/elasticsearch.yml,在最后设置禁用xpack.security. 并启动ES

    vim config/elasticsearch.yml
...
# Xpack's security certification
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false

su elk
bin/elasticsearch -d

  • 导入License

    curl -XPUT -u elastic 'http://172.60.254.11:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
# 此时提示需要输入elastic账号的密码,直接回车就可以
Enter host password for user 'elastic':
{"acknowledged":true,"license_status":"valid"}

创建ES集群的账号密码

导入License成功后,修改elasticsearch.yml配置文件,再把xpack安全认证打开

vim config/elasticsearch.yml
...
# Xpack's security certification
xpack.security.enabled: true

如果没有生成密码,可以用下面命令生成elastic的密码

# 如果需要重新设置密码,手动设置密码
./bin/elasticsearch-setup-passwords interactive

# 自动生成密码:
./bin/elasticsearch-setup-passwords auto

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user apm_system
PASSWORD apm_system = tRIKSfXsTTtkg48nDUIz

Changed password for user kibana
PASSWORD kibana = 0tVqPYiYfJDEmB06fCD6

Changed password for user logstash_system
PASSWORD logstash_system = DwZwprw0VFmlxN4vz9T6

Changed password for user beats_system
PASSWORD beats_system = 992PYLq90xCXbzny3xtY

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = N81cmU1XGeXvnYiABUEo

Changed password for user elastic
PASSWORD elastic = Iy7ZIX0pftcxayqodnoK

如果这里报错:Failed to determine the health of the cluster running at http://172.60.254.11:9200

这是由于脏数据的原因,启用xpack的时候,集群链接失败

以下步骤只适用于初始创建集群,或者测试环境

创建证书

现在密码和License都已经OK了,证书实现集群的加密通信

# 生成CA证书, 一路回车就可以
bin/elasticsearch-certutil ca  (生成的CA证书: elastic-stack-ca.p12)

# 生成节点使用的证书 一路回车就可以
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12   (生成的节点证书: elastic-certificates.p12)

# 将节点证书,放到所有节点的 config目录下
cp elastic-certificates.p12 /data/local/elasticsearch/config/
# 修改配置文件添加下列参数项
xpack.security.transport.ssl.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.verification_mode: certificate  # 证书验证级别
xpack.security.transport.ssl.keystore.path: /data/local/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/local/elasticsearch/config/elastic-certificates.p12

启动集群

su elk
bin/elasticsearch -d

curl -u elastic:Iy7ZIX0pftcxayqodnoK 'http://172.60.254.11:9200/_cat/nodes?'
172.60.254.90 6 77 11 0.94 0.38 0.22 dim * master-data2
172.60.254.98 6 77 14 0.25 0.10 0.08 dim - master-data1
172.60.254.11 6 90 13 0.33 0.16 0.15 i   - client


vim /data/local/kibana/config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://172.60.254.11:9300","http://172.60.254.98:9300","http://172.60.254.90:9300"]
elasticsearch.username: "kibana"
elasticsearch.password: "xxxxxxxxxxxxxx"

su elk  # kibana也不能用root启动
cd /data/local/kibana/bin
screen -dSm kibana ./kibana

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器

你可能感兴趣的文章

java与es8实战之二:实战前的准备工作
Elasticsearch rest-high-level-client 基本操作
elasticsearch7.X x-pack破解

4

Apache Ranger 编译安装部署

5

Apache Kafka 集群部署指南