Monitoring / Ops notes

ELK cluster Platinum edition: a generic crack procedure (valid until 2050)

Einic Yeo · January 13, 2020

Applicable versions: in theory, every version from 6.x onward.

I. Crack procedure

1. On Linux, copy out x-pack-core-<version>.jar

/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar

mkdir -p /tmp/xpack
cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar /tmp/xpack

2. Unpack the file you just copied

cd /tmp/xpack
jar -xvf x-pack-core-7.5.1.jar && mv x-pack-core-7.5.1.jar x-pack-core-7.5.1.jar.bak

Copyright notice: this article is released under the CC 4.0 BY-SA license; if you repost it, please include a link to the original and this notice. Thank you.

3. Download the pre-cracked files and overwrite the originals, or modify the X-Pack source files yourself.

Modify LicenseVerifier.java
LicenseVerifier has two static methods; they are what checks whether the license file is valid. Change both to return true unconditionally.

/* The code below is the modified version; the parts that are no longer needed are commented out rather than deleted. */
package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
 /*       
        byte[] signedContent = null;
        byte[] publicKeyFingerprint = null;
        try {
            final byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
            final ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
            final int version = byteBuffer.getInt();
            final int magicLen = byteBuffer.getInt();
            final byte[] magic = new byte[magicLen];
            byteBuffer.get(magic);
            final int hashLen = byteBuffer.getInt();
            publicKeyFingerprint = new byte[hashLen];
            byteBuffer.get(publicKeyFingerprint);
            final int signedContentLen = byteBuffer.getInt();
            signedContent = new byte[signedContentLen];
            byteBuffer.get(signedContent);
            final XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
            license.toXContent(contentBuilder, (ToXContent.Params)new ToXContent.MapParams((Map)Collections.singletonMap("license_spec_view", "true")));
            final Signature rsa = Signature.getInstance("SHA512withRSA");
            rsa.initVerify(CryptUtils.readPublicKey(publicKeyData));
            final BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
            BytesRef ref;
            while ((ref = iterator.next()) != null) {
                rsa.update(ref.bytes, ref.offset, ref.length);
            }
            return rsa.verify(signedContent);
        }
        catch (IOException ex) {}
        catch (NoSuchAlgorithmException ex2) {}
        catch (SignatureException ex3) {}
        catch (InvalidKeyException e) {
            throw new IllegalStateException(e);
        }
        finally {
            if (signedContent != null) {
                Arrays.fill(signedContent, (byte)0);
            }
        }
*/
        return true;
    }
    
    public static boolean verifyLicense(final License license) {
        /*
        byte[] publicKeyBytes;
        try {
            final InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key");
            try {
                final ByteArrayOutputStream out = new ByteArrayOutputStream();
                Streams.copy(is, (OutputStream)out);
                publicKeyBytes = out.toByteArray();
                if (is != null) {
                    is.close();
                }
            }
            catch (Throwable t) {
                if (is != null) {
                    try {
                        is.close();
                    }
                    catch (Throwable t2) {
                        t.addSuppressed(t2);
                    }
                }
                throw t;
            }
        }
        catch (IOException ex) {
            throw new IllegalStateException(ex);
        }
        //return verifyLicense(license, publicKeyBytes);
        */
        return true;
    }
}
Modify XPackBuild.java
In the last static block of XPackBuild, remove the entire try section; that part checks whether the jar has been modified.

/* The code below is the modified version; the parts that are no longer needed are commented out rather than deleted. */
package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;
    
    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }
    
    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }
    
    public String shortHash() {
        return this.shortHash;
    }
    
    public String date() {
        return this.date;
    }
    
    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
/*            if (path.toString().endsWith(".jar")) {
                try {
                    final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
                    try {
                        final Manifest manifest = jar.getManifest();
                        shortHash = manifest.getMainAttributes().getValue("Change");
                        date = manifest.getMainAttributes().getValue("Build-Date");
                        jar.close();
                    }
                    catch (Throwable t) {
                        try {
                            jar.close();
                        }
                        catch (Throwable t2) {
                            t.addSuppressed(t2);
                        }
                        throw t;
                    }
                    break Label_0109;
                }
                catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
*/
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}
# Compile LicenseVerifier.java (adjust the classpath to your own install directory)
javac -cp "/usr/local/elasticsearch/lib/elasticsearch-7.5.1.jar:/usr/local/elasticsearch/lib/lucene-core-8.3.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar:/usr/local/elasticsearch/modules/x-pack-core/netty-common-4.1.43.Final.jar:/usr/local/elasticsearch/lib/elasticsearch-core-7.5.1.jar" /root/LicenseVerifier.java

# Compile XPackBuild.java
javac -cp "/usr/local/elasticsearch/lib/elasticsearch-7.5.1.jar:/usr/local/elasticsearch/lib/lucene-core-8.3.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar:/usr/local/elasticsearch/modules/x-pack-core/netty-common-4.1.43.Final.jar:/usr/local/elasticsearch/lib/elasticsearch-core-7.5.1.jar" /root/XPackBuild.java

# javac writes the .class files next to the sources; copy them into the unpacked jar tree under /tmp/xpack
cp -f /root/LicenseVerifier.class /tmp/xpack/org/elasticsearch/license/LicenseVerifier.class

cp -f /root/XPackBuild.class /tmp/xpack/org/elasticsearch/xpack/core/XPackBuild.class

4. Repack x-pack-core-<version>.jar

cd /tmp/xpack && jar cvf x-pack-core-7.5.1.jar *

(The jar name must be identical to the original, i.e. the file name we copied out in step 1; it is followed by a space and then the asterisk *.)

5. Overwrite the file of the same name in the install directory

cp -rf /tmp/xpack/x-pack-core-7.5.1.jar /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar

6. Edit elasticsearch.yml and restart the services

vim /etc/elasticsearch/elasticsearch.yml

xpack.security.enabled: false   # turn X-Pack security off for now

systemctl restart kibana elasticsearch

7. Import the license

curl -XPUT -u elastic 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json

If it returns true, the import succeeded. Then run curl -u elastic http://localhost:9200/_license to view the license; the password is still empty, so just press Enter.

8. Generate SSL certificates

./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mkdir -p config/certs && mv elasticsearch/elastic-* config/certs/

tree -L 2 certs
certs
├── elastic-certificates.p12
└── elastic-stack-ca.p12

0 directories, 2 files

Edit elasticsearch.yml again

vim /etc/elasticsearch/elasticsearch.yml
Make the following changes:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

systemctl restart elasticsearch

9. Set passwords

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Press Y (pressing Enter does nothing), then enter each password step by step. Next, edit the Kibana configuration with vim /etc/kibana/kibana.yml and put in the account and password you just set.

systemctl restart kibana elasticsearch

10. Log in and verify

After logging in, the license shows as Platinum, which is essentially the full-featured edition.

Note: 7.x has no Enterprise API, so even if you change the license to Enterprise the program will not recognize it; reportedly the new 8.0 release will add it. "ELK Stack Enterprise" and "ELK Enterprise" are not the same thing: an on-premises ELK Enterprise edition requires installing Elastic Cloud Enterprise.

II. Cracked files

Link: https://pan.baidu.com/s/1V94kuRuwMY7w0XLaMoJD-A  Extraction code: kabw

III. About the license

The number 2524579200999 is in fact a Unix timestamp, in milliseconds.

You can also change it yourself; an online converter is available at https://tool.lu/timestamp/
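From the operator's side, the two modifications described above leave fingerprints that a cluster audit can pick up: the patched XPackBuild hard-codes "Unknown" as the build hash and date instead of reading them from the jar manifest, and the license expiry quoted here (2524579200999 ms, which decodes to 2049-12-31T16:00:00.999Z, i.e. 2050-01-01 00:00 in UTC+8) lies decades beyond any real subscription term. The following Python script is an added example, not code from the original post or from Elastic; it parses the JSON that GET /_xpack returns (the build.hash, build.date and license.expiry_date_in_millis fields of the X-Pack info API) and reports both indicators. The two sample responses are constructed for the example, and the three-year plausibility threshold is an assumption.

```python
"""Audit X-Pack info JSON for the two tell-tale signs of a patched x-pack-core jar.

Added example, not code from the original post or from Elastic.  Feed it the body
of `curl -u elastic http://localhost:9200/_xpack`; the samples below are constructed.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumption: a genuine subscription term is a few years at most.
MAX_PLAUSIBLE_TERM = timedelta(days=3 * 366)

# Constructed sample: what GET /_xpack looks like after the patch described in this post.
SAMPLE_PATCHED_INFO = json.dumps({
    "build": {"hash": "Unknown", "date": "Unknown"},
    "license": {
        "uid": "00000000-0000-0000-0000-000000000000",  # placeholder uid
        "type": "platinum",
        "mode": "platinum",
        "status": "active",
        "expiry_date_in_millis": 2524579200999,  # the value quoted in the post
    },
})

# Constructed sample of an untampered node holding a one-year license (placeholder values).
SAMPLE_CLEAN_INFO = json.dumps({
    "build": {"hash": "0123456789ab", "date": "2019-12-16T00:00:00.000000Z"},
    "license": {
        "uid": "11111111-1111-1111-1111-111111111111",  # placeholder uid
        "type": "gold",
        "mode": "gold",
        "status": "active",
        "expiry_date_in_millis": 1610409600000,  # 2021-01-12T00:00:00Z
    },
})


def millis_to_datetime(ms: int) -> datetime:
    """Convert a Unix timestamp in milliseconds to an aware UTC datetime.

    Integer arithmetic keeps the millisecond part exact (no float rounding).
    """
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def audit_xpack_info(raw_json: str, now_ms: Optional[int] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked tampered.

    `now_ms` lets callers pin the reference time (in ms) for reproducible checks.
    """
    info = json.loads(raw_json)
    now = millis_to_datetime(now_ms) if now_ms is not None else datetime.now(timezone.utc)
    findings = []

    # Indicator 1: the patched XPackBuild never reads the manifest, so both values are "Unknown".
    build = info.get("build", {})
    if "Unknown" in (build.get("hash"), build.get("date")):
        findings.append("build hash/date reported as 'Unknown': XPackBuild is not reading the jar manifest")

    # Indicator 2: an expiry date implausibly far beyond any real subscription term.
    lic = info.get("license", {})
    expiry_ms = lic.get("expiry_date_in_millis")
    if expiry_ms is not None:
        expiry = millis_to_datetime(expiry_ms)
        if expiry - now > MAX_PLAUSIBLE_TERM:
            findings.append(
                f"{lic.get('type')} license expires {expiry.isoformat()}, "
                f"{(expiry - now).days} days out, beyond any plausible subscription term"
            )
    return findings


if __name__ == "__main__":
    for label, sample in (("patched", SAMPLE_PATCHED_INFO), ("clean", SAMPLE_CLEAN_INFO)):
        print(label, audit_xpack_info(sample) or ["no findings"])
```

Run against a live cluster by piping the /_xpack response into audit_xpack_info; the build check is the more robust of the two, since an attacker can pick any expiry date but the patched static block always yields "Unknown". Comparing the SHA-256 of the installed x-pack-core jar against the one in the official distribution is the complementary file-level check.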

References

https://www.azurew.com/elk/3750.html
