X-pack escorts Elasticsearch

Elasticsearch itself provides no user authentication or authorization (there is not even a concept of a "user"); that responsibility is left to developers and administrators. From one point of view this is not a missing feature but a design decision (the same is true of the comparable product Solr, although it offers more related plug-ins). The stated reason for leaving access control to users is that "most authentication and authorization functions are closely coupled with the application domain".

In addition, Elastic Co. is committed to building a product ecosystem around Elasticsearch, which includes the software formerly known as Shield and now known as Security (bundled in the X-Pack package). Both the former Shield and today's Security are designed to provide secure access management for Elasticsearch. Both are closed-source commercial software.

This article describes a method of cracking X-Pack so that it can be used to secure Elasticsearch.

Crack x-pack

Download x-pack

Elasticsearch 6.3.x and later ship with the x-pack plug-in, which does not need to be downloaded separately;

Elasticsearch before this version needs the x-pack plug-in with the same version number installed separately. Taking Elasticsearch 5.4.3 as an example, the x-pack-5.4.3 plug-in needs to be installed;

Download address of x-pack-5.4.3: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.4.3.zip

Install directly from the compressed package without decompressing it:

./elasticsearch-plugin install file:///home/weijie/elasticsearch-5.4.3-security/x-pack-5.4.3.zip

After installation, restart Elasticsearch and access port 9200. It is now protected by x-pack and can only be accessed after logging in:

Default user name: elastic
Default password: changeme

However, x-pack is paid software. The trial license only lasts for one month:

curl -X GET -u elastic:changeme localhost:9200/_license

Crack x-pack

Crack x-pack.jar

  • Create the file LicenseVerifier.java

    The contents are as follows:

    package org.elasticsearch.license;
    
    import java.nio.*;
    import java.util.*;
    import java.security.*;
    import org.elasticsearch.common.xcontent.*;
    import org.apache.lucene.util.*;
    import org.elasticsearch.common.io.*;
    import java.io.*;
    
    public class LicenseVerifier
    {
        public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
            return true;
        }
    
        public static boolean verifyLicense(final License license) {
            return true;
        }
    }
    
  • Compile LicenseVerifier.java

    javac -cp "/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/lib/elasticsearch-5.4.3.jar:/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/lib/lucene-core-6.5.1.jar:/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/plugins/x-pack/x-pack-5.4.3.jar" LicenseVerifier.java

    This produces LicenseVerifier.class

  • Replace LicenseVerifier.class

    Replace LicenseVerifier.class inside plugins/x-pack/x-pack-5.4.3.jar. Do not use Windows compression software to replace the class file here!

  • Create a temporary folder temp

    mkdir temp

  • Move plugins/x-pack/x-pack-5.4.3.jar to the temp folder

    mv elasticsearch-5.4.3/plugins/x-pack/x-pack-5.4.3.jar temp/

    cd temp

  • Unpack x-pack-5.4.3.jar

    jar -xvf x-pack-5.4.3.jar

    rm -rf x-pack-5.4.3.jar

  • Delete the original LicenseVerifier.class and copy the newly compiled LicenseVerifier.class to that location

    rm -rf org/elasticsearch/license/LicenseVerifier.class

    cp ../LicenseVerifier.class org/elasticsearch/license/

  • Repackage

    jar -cvf x-pack-5.4.3.jar ./*

  • Move the new x-pack-5.4.3.jar back to plugins/x-pack/

    mv x-pack-5.4.3.jar ../elasticsearch-5.4.3/plugins/x-pack/

Update license

  • Obtain a license

    Register here: https://license.elastic.co/registration

    Download the license by following the email you receive. Formatted, its content looks like this:

    {
      "license": {
        "uid": "b48c21d4-2b00-44fa-a456-dc40b0cdb649",
        "type": "basic",
        "issue_date_in_millis": 1592870400000,
        "expiry_date_in_millis": 1624492799999,
        "max_nodes": 100,
        "issued_to": "jack jie (tencent)",
        "issuer": "Web Form",
        "signature": "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",
        "start_date_in_millis": 1592870400000
      }
    }
    
  • Tamper with the license

    The main changes are to type and expiry_date_in_millis: change the type to platinum (the platinum edition) and the expiry time to the year 2050. Note that this license.json must not be pretty-printed; write it on a single line.

    license.json

    {"license":{"uid":"b48c21d4-2b00-44fa-a456-dc40b0cdb649","type":"platinum","issue_date_in_millis":1592870400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"jack jie (tencent)","issuer":"Web Form","signature":"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","start_date_in_millis":1592870400000}}
    
  • Update license

    curl -u elastic:changeme -X PUT http://localhost:9200/_xpack/license -d @license.json

  • Check the license again

    curl -u elastic:changeme -X GET http://localhost:9200/_license

At this point the crack of x-pack is complete. Next we try to change the password of the elastic user to datainsight:

curl -u elastic:changeme -X PUT http://localhost:9200/_xpack/security/user/elastic/_password -H 'Content-Type: application/json' -d '{"password" : "datainsight"}'

Creating a secure client using x-pack

First, add the x-pack-transport dependency to pom.xml, with the version number matching Elasticsearch:

pom.xml

<dependencies>
  <dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>3.8.1</version>
    <scope>test</scope>
  </dependency>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-to-slf4j</artifactId>
    <version>2.7</version>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>1.7.12</version>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-log4j12</artifactId>
    <version>1.7.5</version>
  </dependency>
  <dependency>
    <groupId>org.elasticsearch</groupId>
    <artifactId>elasticsearch</artifactId>
    <version>5.4.3</version>
  </dependency>
  <!-- add the x-pack jar as a dependency -->
  <dependency>
    <groupId>org.elasticsearch.client</groupId>
    <artifactId>x-pack-transport</artifactId>
    <version>5.4.3</version>
  </dependency>
</dependencies>

To create a secure TransportClient, you need to make one adjustment to the code:

Be sure to use PreBuiltXPackTransportClient instead of PreBuiltTransportClient to create the client, because only PreBuiltXPackTransportClient loads the x-pack plug-in that honours the xpack.security.user setting.

Complete sample code:

EsClient.java

package test.xpacktest;

import java.net.InetSocketAddress;

import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;

public class EsClient {

    private static final String CLUSTER_NAME = "cluster.name";
    // x-pack reads the credentials from this setting as "user:password"
    private static final String XPACK_SECURITY_USER = "xpack.security.user";

    private static EsClient instance = null;
    private TransportClient transportClient = null;
    private String clusterName = "datainsight_cluster";
    private String xPackSecurityUser = "elastic:datainsight";
    // comma-separated list of host:port transport addresses
    private String esAddress = "192.168.205.132:9300";

    private EsClient() {
    }

    private boolean init() {
        try {
            Settings settings = Settings.builder()
                    .put(CLUSTER_NAME, clusterName)
                    .put(XPACK_SECURITY_USER, xPackSecurityUser)
                    .build();
            // PreBuiltXPackTransportClient registers the x-pack plug-in, which
            // honours xpack.security.user; PreBuiltTransportClient does not
            transportClient = new PreBuiltXPackTransportClient(settings);
            for (String addr : esAddress.split(",")) {
                String[] ipAndPort = addr.split(":");
                transportClient.addTransportAddress(new InetSocketTransportAddress(
                        new InetSocketAddress(ipAndPort[0], Integer.parseInt(ipAndPort[1]))));
            }
        } catch (Exception e) {
            // initialisation failed; getInstance() reports this by returning null
            return false;
        }
        return true;
    }

    public static EsClient getInstance() {
        if (instance == null) {
            instance = new EsClient();
            if (!instance.init()) {
                instance = null;
            }
        }
        return instance;
    }

    public TransportClient getClient() {
        return transportClient;
    }
}

App.java

package test.xpacktest;

import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
import org.elasticsearch.client.transport.TransportClient;

public class App {
    public static void main(String[] args) {
        TransportClient client = EsClient.getInstance().getClient();
        ClusterStateResponse response = client
                .admin()
                .cluster()
                .prepareState()
                .execute()
                .actionGet();
        System.out.println(response.getState());
    }
}
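As an added example (not code from the original post), the same PreBuiltXPackTransportClient setup written so that the cluster name, addresses and credentials come from environment variables instead of being hard-coded in source, with strict host:port validation and optional TLS on the transport connection; the variable names ES_CLUSTER, ES_ADDRESSES, ES_USER, ES_PASSWORD, ES_CA_CERT, ES_CLIENT_CERT and ES_CLIENT_KEY are assumptions, and the xpack.ssl.* keys are the x-pack 5.x transport client TLS settings, which the post itself does not cover.

```java
package test.xpacktest;

import java.net.InetSocketAddress;

import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;

// Added example, not from the original post. Environment variable names are assumptions.
public final class SecureEsClientFactory {

    private static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    public static TransportClient create() {
        Settings.Builder builder = Settings.builder()
                .put("cluster.name", required("ES_CLUSTER"))
                // same setting the post uses, but the secret never lives in source control
                .put("xpack.security.user", required("ES_USER") + ":" + required("ES_PASSWORD"));

        // Optional: encrypt the transport connection and pin the cluster CA (x-pack 5.x settings)
        String ca = System.getenv("ES_CA_CERT");
        if (ca != null && !ca.isEmpty()) {
            builder.put("xpack.security.transport.ssl.enabled", "true")
                   .put("xpack.ssl.certificate_authorities", ca);
            String clientCert = System.getenv("ES_CLIENT_CERT");
            if (clientCert != null && !clientCert.isEmpty()) {
                // client certificate for clusters that require mutual TLS
                builder.put("xpack.ssl.certificate", clientCert)
                       .put("xpack.ssl.key", required("ES_CLIENT_KEY"));
            }
        }

        TransportClient client = new PreBuiltXPackTransportClient(builder.build());
        for (String addr : required("ES_ADDRESSES").split(",")) {
            String[] hostPort = addr.trim().split(":");
            if (hostPort.length != 2) {
                client.close();
                throw new IllegalArgumentException("expected host:port, got '" + addr + "'");
            }
            client.addTransportAddress(new InetSocketTransportAddress(
                    new InetSocketAddress(hostPort[0], Integer.parseInt(hostPort[1]))));
        }
        return client;
    }
}
```

Unlike EsClient.init(), a bad address or a missing variable fails loudly at start-up instead of being swallowed and surfacing later as a null client.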


Tags: Java ElasticSearch

Posted by kruahsohr on Sun, 08 May 2022 02:14:31 +0300