Friday, July 16, 2010

How to recover a WebLogic password - or encrypt a password

Put the SerializedSystemIni.dat in the current directory.

Run:
java weblogic.WLST

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

es=weblogic.security.internal.SerializedSystemIni.getEncryptionService(".")
ces=weblogic.security.internal.encryption.ClearOrEncryptedService(es)
ces.decrypt("{AES}9P7z/8D7ccvDWhBmqa0NEhR1b65BlFuBeVQ3WpwJHTI=")
'weblogic'
ces.decrypt("{AES}Tlxc7yoE4BGQS2k5XBsMX/Kx4XgEBAcPqzXH7PP5zSI=")
'weblogic22'



The 2 strings passed as parameters to decrypt should be copied from the boot.properties file.

Much appreciated, courtesy of Simon Vans-Colina.


You could receive this exception:

weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.

In this case, I have no clue.


An alternative approach could be this:

http://weblogictips.wordpress.com/wls-security/

It consists of just replacing the LDIF file with a brand new one.


To encrypt a password:

dom
cd bin
. ./setDomainEnv.sh
java weblogic.security.Encrypt
Password: (enter password here)
{AES}aRC9klq8c5CljKpshacfrsc7WFNB49mfQG+MtuCDgFg=

You can now use the AES-encrypted password in all WebLogic files.
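
Since the decrypt call above works for anyone who can read SerializedSystemIni.dat, a useful check is to list where that file and the {AES}/{3DES} values sit and whether group or other users have any access to them. The Python script below is an added example, not part of the original post or of WebLogic; the function names audit and build_sample, the sample tree and its file contents are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Prefixes seen on this page ({AES}) and in its comments ({3DES}).
TOKEN = re.compile(r"\{(AES|3DES)\}[A-Za-z0-9+/=]+")
KEY_FILE = "SerializedSystemIni.dat"


def audit(root):
    """Walk root and return (key_files, token_files) as lists of dicts."""
    key_files, token_files = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Any group/other permission bit widens who can reverse the values.
            loose = bool(mode & 0o077)
            if name == KEY_FILE:
                key_files.append({"path": path, "mode": oct(mode), "loose": loose})
                continue
            try:
                with open(path, "r", errors="ignore") as fh:
                    hits = len(TOKEN.findall(fh.read()))
            except OSError:
                continue  # unreadable by the auditing account; skip it
            if hits:
                token_files.append({"path": path, "tokens": hits,
                                    "mode": oct(mode), "loose": loose})
    return key_files, token_files


def build_sample(root):
    """Constructed sample tree (placeholder contents, not a real domain)."""
    for name, body, mode in (
            (KEY_FILE, "placeholder, not a real key\n", 0o644),
            ("boot.properties",
             "username={AES}CONSTRUCTEDuser0000=\npassword={AES}CONSTRUCTEDpass0000=\n", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        keys, tokens = audit(build_sample(tmp))
        for finding in keys + tokens:
            print(finding)
```

Point audit() at a domain directory instead of the sample tree; a key file reported with loose set to True means every {AES} value found by the scan is recoverable by accounts other than the file owner.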

3 comments:

Rakesh Gupta said...

Thank you for this post. I could recover all the passwords for my domain.

Keep up the good work.

Saranya said...

Good One.

I tried the same for {3DES} format but it gives me an error. Any idea why?

Pierluigi Vernetto said...

my good friend Chris wrote something about 3DES here

http://datalinks.nl/wordpress/?p=16