Deploying a jar package on Linux: hiding command-line parameters
The latest project security inspection found that the database password and the redis password in the configuration file were still stored in plain text,
so I put together an article: SpringBoot integrates jasypt to encrypt the yml configuration file: https://blog.csdn.net/qq_38254635/article/details/132026841
The process was quite tortuous, and an error was reported: Failed to bind properties under 'spring.datasource.password' to java.lang.String
So I put together another article: https://blog.csdn.net/qq_38254635/article/details/132027639
With everything configured, I found a fatal problem: ps -ef | grep java clearly shows the secret key, so it is cracked!
1. Background requirements
1. Do not change any code.
2. Hide the configuration parameters in the nohup startup command.
2. Research
Most approaches work at the C level: the configuration parameters are copied into memory in advance, and at startup the argument pointers are redirected to that copy, which hides the original values.
I learned a bit from this link: https://zhuanlan.zhihu.com/p/610215116?utm_id=0
3. Implementing the hidden library
Create a new directory
cd /
mkdir test
cd test
3.1. Test program test.c
Add the test file
touch test.c
Test program: test.c
#include <stdio.h>

int main(int argc, char **argv) {
    printf("argc=%d\n", argc);
    /* Print every argument that was actually passed. */
    for (int i = 0; i < argc; i++) {
        printf("argv[%d]=%s\n", i, argv[i]);
    }
    getchar();  /* keep the process alive so it can be inspected with ps */
    return 0;
}
Compile the test program
gcc test.c
Run the test program
./a.out 123 456
View the process
ps -ef
The result: the command-line parameters the program was run with are shown directly by the ps command.
All that needs to be done now is to hide the parameters that follow the program name.
3.2. Build the hidden library
Hidden library program hide.c
touch hide.c
Write the code for hide.c
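#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The program's real main(), saved by the __libc_start_main hook below. */
int (*main_bak)(int, char **, char **);

/*
 * Back up the memory every argv[i] points to, overwrite the original with "*",
 * then point argv[i] at the backup copy.
 */
static int mymain(int argc, char **argv, char **env) {
    int ret = 0, i = 0;
    size_t len = 0;
    char **argvbak = NULL;

    if (argc > 1) {
        argvbak = (char **)calloc(argc, sizeof(char *));
        for (i = 1; argvbak != NULL && i < argc; i++) {
            len = strlen(argv[i]);
            /* len + 1: leave room for the terminating NUL that strcpy writes. */
            argvbak[i] = (char *)calloc(len + 1, sizeof(char));
            if (argvbak[i] == NULL) {
                continue;  /* out of memory: leave this argument untouched */
            }
            strcpy(argvbak[i], argv[i]);
            /* Writes "*" and pads the rest of the original argument with NUL bytes. */
            strncpy(argv[i], "*", len);
            argv[i] = argvbak[i];
        }
    }

    ret = main_bak(argc, argv, env);

    if (argvbak != NULL) {
        for (i = 1; i < argc; i++) {
            free(argvbak[i]);
        }
        free(argvbak);
    }
    return ret;
}

/* Pointer to the real __libc_start_main in libc. */
int (*__next_libc_start_main)(int (*main)(int, char **, char **),
                              int argc,
                              char **argv,
                              void (*init)(void),
                              void (*fini)(void),
                              void (*_fini)(void),
                              void (*stack_end));

/*
 * Loaded through LD_PRELOAD, this definition is resolved before libc's own,
 * so the process enters mymain() instead of the program's main().
 */
int __libc_start_main(int (*main)(int, char **, char **),
                      int argc, char **argv,
                      void (*init)(void),
                      void (*fini)(void),
                      void (*_fini)(void),
                      void (*stack_end))
{
    __next_libc_start_main = dlsym(RTLD_NEXT, "__libc_start_main");
    main_bak = main;
    return __next_libc_start_main(mymain, argc, argv, init, fini, _fini, stack_end);
}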
Compile hide.c
gcc -O2 -fPIC -shared -o hide.so hide.c -ldl
3.3. Verification
Run the program with parameter hiding
LD_PRELOAD=./hide.so ./a.out 111 222
View the process
The parameters above are now hidden.
4. Applying it to the jar start command
The startup command of the original project:
nohup java -jar -Djasypt.encryptor.password='1234qwer' /app/web.jar --server.port=8080 --spring.config.location=/app/web.yml >> /app/web.out 2>&1 &
On this basis, use the hidden library by adding LD_PRELOAD in front of the command, as follows:
LD_PRELOAD=./hide.so nohup java -jar -Djasypt.encryptor.password='1234qwer' /app/web.jar --server.port=8080 --spring.config.location=/app/web.yml >> /app/web.out 2>&1 &
If you start it elsewhere, you can use an absolute path:
LD_PRELOAD=/test/hide.so nohup java -jar -Djasypt.encryptor.password='1234qwer' /app/web.jar --server.port=8080 --spring.config.location=/app/web.yml >> /app/web.out 2>&1 &
After the command has run, view the project's process
ps -ef |grep java
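To confirm the result of this step without reading ps output by eye, the check below (an added example, not part of the original article) lists every process whose /proc/<pid>/cmdline, the file ps reads, still carries a jasypt.encryptor.password argument. The function names, the optional PROC_ROOT parameter and the sample tree are assumptions of this example, and the sample command lines are constructed.

```shell
#!/bin/sh
# list_exposed KEY [PROC_ROOT]
# Prints "PID ARG=<redacted>" per exposed argument; the value is never echoed.
# PROC_ROOT (assumption of this example) defaults to /proc and exists so the
# check can be exercised offline against a constructed tree.
list_exposed() {
    key=$1
    root=${2:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue            # process exited, or not readable
        pid=${f%/cmdline}
        pid=${pid##*/}
        # cmdline holds the arguments separated by NUL bytes: one per line.
        tr '\000' '\n' 2>/dev/null < "$f" |
        while IFS= read -r arg || [ -n "$arg" ]; do
            case $arg in
                *"$key="?*) printf '%s %s=<redacted>\n' "$pid" "${arg%%=*}" ;;
            esac
        done
    done
}

# make_sample_proc DIR: constructed stand-in for /proc with two processes.
# 101 was started normally; 102 shows what hide.so leaves behind, each
# argument overwritten with "*" followed by NUL padding.
make_sample_proc() {
    mkdir -p "$1/101" "$1/102"
    printf 'java\000-jar\000-Djasypt.encryptor.password=constructed-key\000/app/web.jar\000' \
        > "$1/101/cmdline"
    printf 'java\000*\000\000\000*\000\000\000\000*\000\000\000' \
        > "$1/102/cmdline"
}

# Demo on the constructed tree; on a real host omit the second argument.
sample=$(mktemp -d)
make_sample_proc "$sample"
list_exposed jasypt.encryptor.password "$sample"
rm -rf "$sample"
```

On a real host, `list_exposed jasypt.encryptor.password` scans the live /proc; an empty result after starting with LD_PRELOAD means the argument is no longer visible on the command line.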
5. Using the result directly
1. Directly download the .so file
CSDN address: https://download.csdn.net/download/qq_38254635/88140515
Baidu network disk address: https://pan.baidu.com/s/1HcPlHjRpBsmUTU8GnAhKfg?pwd=dge1
Extraction code: dge1
2. Put it on the server and add the following in front of the start command.
LD_PRELOAD=/my/hide.so
Adjust the path to match the file's location on the server.
Reference links:
Java program hides command-line parameters: https://www.5axxw.com/wenku/pg/5100338h.html
How to hide process startup parameters?: https://www.zhihu.com/question/27518530
Linux tip: hide command-line parameters (without modifying the source code): https://zhuanlan.zhihu.com/p/610215116?utm_id=0