Wednesday, November 24, 2021

Decrypt WebLogic Server Admin Password/SOA DB schema password



  • recover the database username and password of a JDBC connection pool – the encrypted password resides in XML files in the $DOMAIN_HOME/config/jdbc directory
  • recover the password of a keystore where we store SSL certificates
  • recover any encrypted password from config.xml, located in the $DOMAIN_HOME/config directory
Let’s roll:
NOTE: The SerializedSystemIni.dat file is located in the $DOMAIN_HOME/security directory.
1. Create a script decrypt_password.py in $DOMAIN_HOME/security directory and paste the following code into it:
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Build the encryption service from SerializedSystemIni.dat in the current directory
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Read the encrypted password from the user
pwd = raw_input("Paste encrypted password ({AES}fk9EK...): ")

# Strip the backslash escapes that the config files add (for example "\=")
preppwd = pwd.replace("\\", "")

# Display the decrypted password
print "Decrypted string is: " + clearOrEncryptService.decrypt(preppwd)
2. Set domain environment variables
source $DOMAIN_HOME/bin/setDomainEnv.sh
3. Get encrypted password, in this example from boot.properties file of AdminServer
#Username:
grep username $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^username=\(.*\)/\1/"

#Password:
grep password $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^password=\(.*\)/\1/"
Or for SOA schema, we can get the encrypted password from $DOMAIN_HOME/config/jdbc/SOADataSource-jdbc.xml
4. Navigate to $DOMAIN_HOME/security directory and run the following command to start decryption:
cd $DOMAIN_HOME/security

java weblogic.WLST decrypt_password.py


Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Please enter encrypted password (Eg. {AES}fk9EK...): {AES}jkIkkdh693dsyLt+DrKUfNcXryuHKLJD76*SXnPqnl5oo\=
Decrypted string is: welcome01
The decrypted value is displayed on the screen.
 
 Source: http://tinyurl.com/km92oto


Otherwise, try the steps Oracle suggests, but this only works if you are logged on to the same server:
Document 2852454.1 (oracle.com)

2. Run WLST:

cd /u01/app/oracle/middleware/oracle_common/common/bin
./wlst.sh

3. Set the domain and decrypt the password:

domain = "COMPLETE PATH TO DOMAIN HOME"
service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
print encryption.decrypt("PASSWORD FROM ABOVE datasource xml file")
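
As a companion to the steps above, an added example (not from the original post or from Oracle) that inventories which files under a domain home hold encrypted values and whether those files and SerializedSystemIni.dat are accessible beyond the owning account. It runs under plain Python 3 rather than WLST; the sample tree, the owner-only policy and the function names are assumptions made for illustration.

```python
import os, re, stat, tempfile

# {AES} is shown on this page; {AES256} and {3DES} are assumed for other domain versions.
ENC_RE = re.compile(r"\{(?:AES|AES256|3DES)\}[A-Za-z0-9+/=\\]+")
KEY_FILE = os.path.join("security", "SerializedSystemIni.dat")

def audit_domain(domain_home):
    """Return (findings, key_mode): files with encrypted values, and the key file's mode."""
    findings = []
    for root, _dirs, files in os.walk(domain_home):
        for name in files:
            if not name.endswith((".xml", ".properties")):
                continue
            path = os.path.join(root, name)
            with open(path, "r", errors="replace") as fh:
                count = len(ENC_RE.findall(fh.read()))
            if count:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                findings.append((os.path.relpath(path, domain_home), count, mode))
    key_path = os.path.join(domain_home, KEY_FILE)
    key_mode = stat.S_IMODE(os.stat(key_path).st_mode) if os.path.exists(key_path) else None
    return sorted(findings), key_mode

def too_open(mode):
    """Assumed policy: only the owning account may access these files."""
    return mode is not None and bool(mode & 0o077)

def build_sample_domain(base):
    """Constructed sample tree, not a real domain; the ciphertexts are made up."""
    layout = {
        "security/SerializedSystemIni.dat": ("constructed", 0o644),
        "servers/AdminServer/security/boot.properties":
            ("username={AES}Zm9vYmFy\\=\npassword={AES}YmF6cXV4\\=\n", 0o600),
        "config/jdbc/SOADataSource-jdbc.xml":
            ("<password-encrypted>{AES}c2FtcGxl</password-encrypted>\n", 0o640),
    }
    for rel, (text, mode) in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        findings, key_mode = audit_domain(build_sample_domain(tmp))
    for rel, count, mode in findings + [(KEY_FILE, 0, key_mode)]:
        print("%-46s values=%d mode=%o open=%s" % (rel, count, mode, too_open(mode)))
```

To audit a real domain, call audit_domain() with the path of its domain home instead of the sample tree.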