Here are the steps to decrypt a WebLogic AES-encrypted username and password.
NOTE 1: Before you do this, make sure you are logged in to the WebLogic box.
NOTE 2: If you try to decrypt an AES-encrypted password taken from another WebLogic instance, it will NOT WORK. You have to do the operation on the same box.
NOTE 3: The same procedure also lets you decrypt the DataStore passwords stored in config/jdbc.
How to find the Domain Home and JVM Properties
Step A.
$ ps -ef | grep java    (on the WebLogic server)
$ cd {java_path}
Step B.
./jcmd {PID_Weblogic} VM.system_properties|sort
Example:
./jcmd 24882 VM.system_properties|sort
The output shows all the properties of the WebLogic instance: domain name, JARs loaded, Java in use, config files and XML files.
Another way:
$ lsof -i -P
$ lsof -p {PID_Weblogic}
This also lists all the files being used by the WebLogic instance.
Example: username and password
They are generally stored in the boot.properties file.
Path : {Domain_Home}/servers/AdminDomain/security/boot.properties
Domain_Home: the path where the domain was created.
password={AES}ipkvzAyVM3tNyroUZoOnXRA+DTFZ2sdC7YCfrUyVXkU\=
username={AES}K31GOANcxLHVn7Qb0qqsjQI+2mGVsJyrL2DlAYZcyls\=
Step A :
$ source $DOMAIN_HOME/bin/setDomainEnv.sh
This loads all the environment variables so that you can run WLST.
Example below:
bash-4.1$ java weblogic.WLST
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline>
Step B :
$ cd $DOMAIN_HOME/security
Create a file named decrypt.py in the above directory and copy the contents below into it:
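# Run with WLST from $DOMAIN_HOME/security so that "." is the domain's security directory
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
# Load this domain's encryption service from the current directory
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)
passwd = raw_input("Enter encrypted password of one which you wanted to decrypt : ")
# .properties files escape "=" as "\=", so strip the backslashes before decrypting
encrypted = passwd.replace("\\", "")
print "Plain Text password is: " + clearOrEncryptService.decrypt(encrypted)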
=> Save the file and give it execute permission ($ chmod +x decrypt.py)
Final step: run the command below to decrypt the password.
Enter the encrypted password when prompted.
$ java weblogic.WLST decrypt.py
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Enter encrypted password of one which you wanted to decrypt : {AES}LsGaddassssvQDyibmejXFkf1tWxyndNArAhZ3M5GcnjXWUpJs=
Plain Text password is: Welcome123
In this way we can decrypt the encrypted password from boot.properties and the DB schema passwords stored in the data source XML files under $DOMAIN_HOME/config/jdbc. We can also decrypt the NM password, which is in config.xml.
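Since anyone who can read these files on the box can run the script above against them, it is worth checking who has read access. The sketch below is an added example, not part of the original post: it inventories {AES} values under a domain directory and reports which of those files, together with the domain's key file, are readable by group or others. The key file location security/SerializedSystemIni.dat is stated from general WebLogic knowledge rather than from the post, and the sample tree, the file name sample-jdbc.xml and all token values are constructed.

```python
import re
import stat
import tempfile
from pathlib import Path

# {AES} token as shown above; a "\" before "=" is .properties escaping,
# which decrypt.py removes with replace("\\", "").
AES_TOKEN = re.compile(r"\{AES\}[A-Za-z0-9+/\\=]+")
KEY_FILE = "security/SerializedSystemIni.dat"  # assumed standard location

def find_encrypted_values(domain_home):
    """Return sorted (relative path, normalized token) pairs for every {AES} value."""
    hits = []
    for path in Path(domain_home).rglob("*"):
        if path.is_file() and (path.name == "boot.properties" or path.suffix == ".xml"):
            rel = path.relative_to(domain_home).as_posix()
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += [(rel, tok.replace("\\", "")) for tok in AES_TOKEN.findall(text)]
    return sorted(hits)

def readable_by_others(domain_home):
    """Return (path, mode) for the key file and ciphertext files with group/other read."""
    targets = {KEY_FILE} | {rel for rel, _ in find_encrypted_values(domain_home)}
    flagged = []
    for rel in sorted(targets):
        full = Path(domain_home) / rel
        mode = stat.S_IMODE(full.stat().st_mode) if full.exists() else 0
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            flagged.append((rel, oct(mode)))
    return flagged

def build_sample_domain():
    """Create a constructed demo tree; every value in it is made up."""
    home = Path(tempfile.mkdtemp(prefix="wls_domain_"))
    files = {
        KEY_FILE: ("placeholder, not real key material", 0o644),
        "servers/AdminServer/security/boot.properties":
            ("username={AES}c2FtcGxlMQ\\=\\=\npassword={AES}c2FtcGxlMg\\=\\=\n", 0o640),
        "config/jdbc/sample-jdbc.xml":
            ("<password-encrypted>{AES}c2FtcGxlMw==</password-encrypted>", 0o600),
    }
    for rel, (body, mode) in files.items():
        full = home / rel
        full.parent.mkdir(parents=True, exist_ok=True)
        full.write_text(body)
        full.chmod(mode)
    return str(home)

if __name__ == "__main__":
    print(readable_by_others(build_sample_domain()))
```

On a real server, pass $DOMAIN_HOME to readable_by_others() instead of the sample tree and tighten any file it reports so that only the WebLogic OS user can read it.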
You can also use WLST to encrypt clear text strings as below:
$ cd $DOMAIN_HOME/bin
$ source setDomainEnv.sh
$ java weblogic.WLST
wls:/offline> enc = encrypt('admin123')
wls:/offline> print enc
Reset the AdminServer password, or steps to follow when you change the DOMAIN_NAME
a. Shut down the WebLogic domain
b. Rename the data folder and delete the tmp folder under $DOMAIN_HOME/servers/AdminServer
$ mv $DOMAIN_HOME/servers/AdminServer/data $DOMAIN_HOME/servers/AdminServer/data-old
c. Set the environment variables
$ . $DOMAIN_HOME/bin/setDomainEnv.sh
d. Change to the security directory and run AdminAccount (the trailing "." is part of the command)
$ cd $DOMAIN_HOME/security
$ java weblogic.security.utils.AdminAccount username password .
e. Update the "$DOMAIN_HOME/servers/AdminServer/security/boot.properties" file with the new username and password. The file format is shown below.
username=
password=
f. Start the WebLogic domain
$ $DOMAIN_HOME/bin/startWebLogic.sh