RECOVER WEBLOGIC ADMINISTRATION PASSWORD OF ENTERPRISE MANAGER 13.3 IN OCI (MARKETPLACE IMAGE)
First let’s get the encrypted information from boot.properties file:
1 | [oracle@emcc ~]$ locate boot.properties
/u01/app/database/product/dmu/ide/macros/ide-boot.properties
/u01/app/em13c/gc_inst/user_projects/domains/GCDomain/servers/BIP/data/nodemanager/boot.properties
/u01/app/em13c/gc_inst/user_projects/domains/GCDomain/servers/EMGC_ADMINSERVER/security/boot.properties
/u01/app/em13c/gc_inst/user_projects/domains/GCDomain/servers/EMGC_OMS1/data/nodemanager/boot.properties
[oracle@emcc ~]$ cat /u01/app/em13c/gc_inst/user_projects/domains/GCDomain/servers/EMGC_ADMINSERVER/security/boot.properties
# Generated by Configuration Wizard on Tue Sep 24 20:34:34 GMT 2019
username={AES}3NS1EBc7m+pYcrdJ95JoVadLsajHHAow9U2DDGRvvYbTJSVcb/FQ=
password={AES}cG1DmW0NJhBaNU0OFlMjsassa4agLsxsdsXqcaSVrCYm32/h5xpQ=
[oracle@emcc ~]$ |
The encrypted information starts with {AES} and ends with equal (=) sign. To decrypt the username and password, we will create a simple java application:
1 2 3 4 5 6 7 8 9 10 | oracle@db-cloud GCDomain$ vi recoverpassword.java public class recoverpassword { public static void main(String[] args) { System.out.println( new weblogic.security.internal.encryption.ClearOrEncryptedService( weblogic.security.internal.SerializedSystemIni.getEncryptionService(args[0] )).decrypt(args[1])); } } |
Save it as “recoverpassword.java”. To be able to compile (and run) it, we need to set environment variables (we’re still in GCDomain folder). We’ll give the encrypted part as the last parameter:
1 2 3 4 5 6 | oracle@db-cloud GCDomain$ . bin/setDomainEnv.sh oracle@db-cloud GCDomain$ javac recoverpwd.java oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpwd \ $DOMAIN_HOME < encrypted username from boot.properties > oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpwd \ $DOMAIN_HOME < encrypted password from boot.properties > [oracle@emcc ~]$ /u01/app/jdk1.8.0_201/bin/java -cp $CLASSPATH:. recoverpwd $DOMAIN_HOME {AES}3NS1EBc7m+pYcrdJ95JoVow9U2DDGRvvYbTJSVcb/FQ=
weblogic
[oracle@emcc ~]$ /u01/app/jdk1.8.0_201/bin/java -cp $CLASSPATH:. recoverpwd $DOMAIN_HOME {AES}cG1DmW0NJhBaNU0OFlMj4agLsXqcaSVrCYm32/h5xpQ=
welcome1
[oracle@emcc ~] |
I intentionally break the lines to make the code fits the page but you don’t need to do it. Correct CLASSPATH and DOMAIN_NAME are set when we issued “. bin/setDomainEnv.sh” command. When we run the last two commands, we should see the weblogic administrator username and password in plain text. By the way, even if you use the same password with me, you may see different encrypted text because when encrypting and decrypting, weblogic uses the cypher key stored in “security/SerializedSystemIni.dat” file. So as long as the cypher key is different, you get different encrypted text for even same input.
No comments:
Post a Comment