Friday, 30 September 2016

Decrypt weblogic password

Decrypt weblogic password
--------------------------
1. Create a script decrypt_password.py in $DOMAIN_HOME/security directory and paste the following code into it:
========================================================================
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)
# Take encrypt password from user
pwd = raw_input("Paste encrypted password ({AES}fk9EK...): ")
# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")
# Display password
print "Decrypted string is: " + clearOrEncryptService.decrypt(preppwd)
========================================================================
2. Set domain environment variables or run the setDomainEnv.sh script
source $DOMAIN_HOME/bin/setDomainEnv.sh
3. Get encrypted password, in this example from boot.properties file of AdminServer
{AES}jkIkkdh693dsyLt+DrKUfNcXryuHKLJD76*SXnPqnl5oo\=
4. Navigate to $DOMAIN_HOME/security directory and run the following command to start decryption:
cd $DOMAIN_HOME/security
java weblogic.WLST decrypt_password.py
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Please enter encrypted password (Eg. {AES}fk9EK...): {AES}jkIkkdh693dsyLt+DrKUfNcXryuHKLJD76*SXnPqnl5oo\=
Decrypted string is: welcome01
Decrypt weblogic password
=========================
Go to /config directory
Cat  config.xml  and find the element < custom-identity-key-store-pass-phrase-encrypted>
Copy the encrypted password to a notepad
Go to /server/bin folder
Run the below command to set environment
. ./setWLSEnv.sh ( make sure you have two dots separated by a space)
Go to /security folder ( IMPORTANT- make sure you have SerializedSystemIni.dat file exist in this directory)
Create a file named decryptpassword.py
Add the below lines to it
from weblogic.security.internal import *
from weblogic.security.internal.encryption.import *
#This will prompt you to make sure you have SerializedSystemIni.dat file under #current directory from where you are running command
raw_input("Please make sure you have SerializedSystemIni.dat inside the current directory, if yes press ENTER to continue.")
# Encryption service
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)
# Take encrypt password from user
pwd = raw_input("Please enter encrypted password (Eg. {3DES}Bxt5E3...): ")
# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")
# Decrypt password
print "Your password is: " + clearOrEncryptService.decrypt(preppwd)
Then run the above python file by running below command  (IMPORTANT – make sure you are running from /security directory
java weblogic.WLST decryptpassword.py
 it will prompt to press enter
then it will prompt you to provide encrypted password
please enter the encrypted password from your notepad

it will display the clear text password
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)