Tuesday, July 3, 2012

Weblogic Password Decrypt

Share it Please
There are cases sometimes where we need to de crypt the password provided. That may be for a connection pool or a security realm.

In this article we will see how we can de crypt a Weblogic password. Consider we are decrypting a password for a connection pool

1.Copy the SerializedSystemIni.dat file from the from the location /config/weblogic/wls10/domains/<domain Name>/security directory to a local location .This file usually gets created during the Domain Configuration. So the file will be different for every domain. Since this file is different for every domain , the passwords will be using this file to encrypt and decyrpt.

If we look at the config.xml file for a connection pool, we see password values as some thing that starts with {3DES} . Weblogic use "Triple Des" algorithm for encrypting the passwords. When Weblogic encrypts or decrypts password it uses a hash value that is stored in SerializedSystemini.dat file. Hence we use the SerializedSystemini.dat file

1.Write the java Files


public class SsmDecrypt
public static EncryptionService es = null;
public static ClearOrEncryptedService ces = null;

public static void main(String args[])
String s = null;
if(args.length == 0)
System.out.println("Enter Password");
if(args.length == 1)
s = args[0];
System.err.println("Usage: java Decrypt [ password ]");
es = SerializedSystemIni.getExistingEncryptionService();
if(es == null)
System.err.println("Unable to initialize encryption service");
ces = new ClearOrEncryptedService(es);
if(s != null)
System.out.println("\nDecrypted Password is:"+ces.decrypt(s));

Save as

3.compile the java file using ,
We have the weblogic.jar file available in class path. The only thing missing is we need to make sure that the file is also available in class path.

javac -cp $(pwd):$CLASSPATH

4. Now execute the SsmDecrypt using

java -cp $(pwd):$CLASSPATH SsmDecrypt {3DES}TxggYcDW5y4=
Decrypted Password is:d100

NOTE : If you need to encrypt the password in Weblogic we can use

Dev:LocalHost-com $ java id4sbc

Happy Learning :-)