Decrypt WebLogic Server Admin Password/SOA DB schema password

• recover database username and password of JDBC Connection pool – encrypted password resides in $DOMAIN_HOME/config/jdbc directory, in xml files
• recover password of a keystore where we store SSL certificates
• any encrypted password from config.xml  located in $DOMAIN_HOME/config dir

Let’s roll:

NOTE: SerializedSystemIni.dat file exists in $DOMAIN_HOME/security directory. 

1. Create a script decrypt_password.py in $DOMAIN_HOME/security directory and paste the following code into it:

from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Take encrypt password from user
pwd = raw_input("Paste encrypted password ({AES}fk9EK...): ")

# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")

# Display password
print "Decrypted string is: " + clearOrEncryptService.decrypt(preppwd)

2. Set domain environment variables

source $DOMAIN_HOME/bin/setDomainEnv.sh

3. Get encrypted password, in this example from boot.properties file of AdminServer

#Username:
grep username $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^username=\(.*\)/\1/"

#Password:
grep password $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^password=\(.*\)/\1/"

Or for SOA schema, we can get the encrypted password from $DOMAIN_HOME/config/jdbc/SOADataSource-jdbc.xml

4. Navigate to $DOMAIN_HOME/security directory and run the following command to start decryption:

cd $DOMAIN_HOME/security

java weblogic.WLST decrypt_password.py


Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Please enter encrypted password (Eg. {AES}fk9EK...): {AES}jkIkkdh693dsyLt+DrKUfNcXryuHKLJD76*SXnPqnl5oo\=
Decrypted string is: welcome01

Decrypted value will be displayed on the screen.

 

 Source: http://tinyurl.com/km92oto

Otherwise try oracle suggested steps, but this only works if you are logged on to the same server:

Document 2852454.1 (oracle.com)

2. Run WLST:

cd /u01/app/oracle/middleware/oracle_common/common/bin
./wlst.sh

3. Set the domain and decrypt the password:

domain = "COMPLETE PATH TO DOMAIN HOME"
service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
print encryption.decrypt("PASSWORD FROM ABOVE datasource xml file")