How to crack WebLogic password management?

By BeanSoft@126.com

Sometimes, the Administrator may forget the admin username and password of the WebLogic domain. How can I restore these passwords? This article will demonstrate how to use a simple Java program to restore the forgotten user name and password within several seconds.

Step 1: create a separate directory, such as C: \ DecryptionDemo.

Step 2: Create a Java file Decrypt. java with the following code:

Import java. io. PrintStream;
Import weblogic. security. internal .*;
Import weblogic. security. internal. encryption .*;

Public class Decrypt
{
Static EncryptionService es = null;
Static ClearOrEncryptedService ces = null;
Public static void main (String args [])
{
String s = null;
If (args. length = 0)
S = ServerAuthenticate. promptValue ("Password:", false );
Else
If (args. length = 1)
S = args [0];
Else
System. err. println ("Usage: java Decrypt [password]");
Es = SerializedSystemIni. getExistingEncryptionService ();
If (es = null)
{
System. err. println ("Unable to initialize encryption service ");
Return;
}
Ces = new ClearOrEncryptedService (es );
If (s! = Null)
System. out. println ("\ nDecrypted Password is:" + ces. decrypt (s ));
}
}

 

Step 3: run the related commands to decrypt the strings in the D: \ bea \ user_projects \ domains \ 1034 \ servers \ AdminServer \ security \ boot. properties file:

Call D: \ bea \ wlserver_10.3 \ server \ bin \ setWLSEnv. cmd
Copy D: \ bea \ user_projects \ domains \ 1034 \ security \ SerializedSystemIni. dat .\
Javac Decrypt. java
Java-cp.; % CLASSPATH % Decrypt {AES} QxP9vMIXw7g39iRfGNlZ76TOoHq9bLhwnTjlBWopGBw =
Pause

The original password is weblogic1. the effect is shown in:

 

Security risks:

If anyone knows the name of your domain, they can create a domain with the same name to obtain the file SerializedSystemIni. dat and boot. properties, and then the original password plaintext can be cracked. Maybe this is a security vulnerability!