Skip to main content

Recovering WebLogic Passwords

In one of my previous articles (here) I explained that the SerializedSystemIni.dat file in WebLogic contains the key used to encrypt and decrypt passwords. If you're not currently keeping this file secure I suggest you do, as with it someone can (to name a few things):
  • Decrypt the WebLogic admin username and password from boot.properties.
  • Recover database passwords, if JDBC Connection pools are configured, from config.xml.
  • Recover the keystore passwords from config.xml and obtain SSL certificates stored in the jks keystores.
Essentially, they can do whatever they want, so if you don't know who can read your SerializedSystemIni.dat files, look... now.

In this article I will show how easy it is for this file to be used to recover lost passwords via a simple WLST script.


The Script

The script I use to decrypt passwords is incredibly short, and it works with WebLogic 8, 9 and 10 (probably for version 7 too). To use it, just create a new file called decryptpwd.py and paste the following code into it:

from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Remind user about how to use
raw_input("Please ensure SerializedSystemIni.dat is in the current directory now, and press ENTER to continue.")

# Get encryption service
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Get user to enter password
pwd = raw_input("Enter encrypted password (Eg. {3DES}Y1fA34S...): ")

# Remove unnecessary escape characters
preppwd = pwd.replace("\\", "")

# Decrypt the password
print "Recovered password is: " + clearOrEncryptService.decrypt(preppwd)

You can download the script (decryptpwd.py) here.

Running the Script

To run this script, execute the WLST environment and provide it with the script to run. If you're using a version of WebLogic older than 8.1.6 you'll need to install a newer version which has WLST.

Use the following command (replace %WL_HOME% with the correct directory) to run the script.

%WL_HOME%\common\bin\wlst.cmd decryptpwd.py

Once the WLST environment has started up, the script will remind you to copy the SerializedSystemIni.dat file into the current directory. Press enter and paste your encrypted password string. That's it. It will spit out the password in plain-text.

Understanding the Script

The script is so short and simple it is barely worth explaining, but here are a few things worth mentioning.

You'll notice that the first two lines import weblogic.security packages. These are largely undocumented, so don't expect to find much information on them.

The next significant piece of code instantiates a ClearOrEncryptedService object which will use the SerializedSystemIni.dat file located in the current directory (".").

The final line of code decrypts the password and prints it in plain text.

Labels:

Comments

  1. AnonymousMarch 22, 2012 at 9:42 PM

    it is nice code to decript the password.
    Thanks...

    ReplyDelete
  2. AnonymousMay 1, 2012 at 12:01 AM

    Cool script

    ReplyDelete
  3. AnonymousJune 1, 2012 at 1:06 PM

    Superb dude

    ReplyDelete
  4. RoyJune 8, 2012 at 3:45 AM

    You are awesome :)

    ReplyDelete
  5. AnonymousJuly 17, 2012 at 1:34 AM

    Thanks! It works great!

    ReplyDelete
  6. AnonymousAugust 15, 2012 at 11:04 PM

    Excellent posting.

    ReplyDelete
  7. AnonymousOctober 8, 2012 at 7:50 PM

    perfect...

    ReplyDelete
  8. AnonymousDecember 15, 2012 at 9:39 AM

    It worked.

    It is not specified that where to keep this script file. Let's say your WL installation home is "C:\bea\" then your should keep this script in "C:\bea\user_projects\domains\%YOUR_DOMAIN%\security" folder

    Thanks a lot.

    ReplyDelete
  9. AnonymousFebruary 6, 2013 at 3:10 AM

    It worked and like last comment mentioned - PY script needs to be in same folder as "SerializedSystemIni.dat" (that is, under '"%WL_HOME%\user_projects\domains\\security') folder

    ReplyDelete
  10. AnonymousMay 21, 2013 at 9:57 PM

    Hi, where can I find the encrypted keystore password for weblogic 9.2?

    ReplyDelete
  11. AnonymousJuly 3, 2013 at 9:46 PM

    Thanks a lot Dear..It helped a lot.
    Cheers !!!

    ReplyDelete
  12. AnonymousSeptember 27, 2013 at 11:36 PM

    Its awsome!!!! its helped a lot. Thanks you very much!

    ReplyDelete
  13. LakshmiFebruary 22, 2014 at 5:58 PM

    boy...... u r a genius thnks a lot.... i mean it
    i wasted a whole day to find the script. googled it,
    many scripts came but without details where to place the script and from where to run .Finally i found ur site. thanks a lot.
    Cheers!!!!!!!!

    ReplyDelete
  14. UnknownMarch 1, 2014 at 4:04 AM

    You saved me after the consultant left. Even he didn't remember the password.

    ReplyDelete
  15. UnknownFebruary 25, 2016 at 8:52 AM

    You're the best, this article is awesome !

    ReplyDelete
  16. martin vellyDecember 20, 2019 at 8:21 PM


    This is realy a Nice blog post read on of my blogs Recover Password on Pinterest.

    ReplyDelete

Post a Comment

Popular posts from this blog

NullPointerException

java.lang.NullPointerException NullPointerException is described in the javadoc comments as: Thrown when an application attempts to use null in a case where an object is required. These include: Calling the instance method of a null object. Accessing or modifying the field of a null object. Taking the length of null as if it were an array. Accessing or modifying the slots of null as if it were an array. Throwing null as if it were a Throwable value. Applications should throw instances of this class to indicate other illegal uses of the null object. author: unascribed version: 1.19, 12/19/03 since: JDK1.0 Where is this exception thrown? Following, is a list of exception messages cross-referenced to the source code responsible for throwing them. Click on the method link to view the code and see how the exception is thrown. The message ' java.lang.NullPointerException: ' is thrown within the method: com.sun.corba.se.impl.interceptors.ClientRequestInfoImpl.get_r...
Post a Comment
Read more

Connection refused: No available router to destination

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators. Symptom The following exception occurs in WebLogic server logs. Most likely to occur during WebLogic server start-up, but similar exceptions may occur at other times. java.net.ConnectException: t3://myserver:8000: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:49) at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773) at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363) at weblogic.jndi.Environment.getContext(Environment.java:307) at weblogic.jndi.Environment.getContext(Environment.java:277) Cause This message (Connection refused: connect; No available ...
Post a Comment
Read more