Thursday, May 26, 2016

Hacking users in WebLogic

vi $DOMAIN_HOME/security/DefaultAuthenticatorInit.ldift
insert this:

dn: uid=PIPPO,ou=people,ou=@realm@, dc=@domain@
description: Test generated user
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: S107077
sn: S107077
userpassword: {ssha}blablabla
uid: PIPPO
objectclass: wlsUser
wlsMemberOf: cn=Administrators,ou=groups,ou=@realm@,dc=@domain@

PIPPO should become an Administrative user

ssha passwords (ssha being a variant of SHA1) can be generated with openssh or with Python/WLST

No comments: