Decrypt any encrypted password in your WebLogic Server Domain
Posted by Dirk Nachbar on Wednesday, September 20, 2017
It happens regularly: you configure a WebLogic Domain and after some time forget the password you gave the WebLogic Administration User, or you configure a JDBC Data Source and forget the password of the Oracle Database User it uses.
All you need is the following small Python script called decrypt.py:

```python
#!/bin/python
#=====================================================================
#
# $Id: decrypt.py $
#
# PURPOSE:    Script to decrypt any Password or Username
#             within a WebLogic Server Domain
#
# PARAMETERS: none
#
# NOTES:      none
#
# AUTHOR:     Dirk Nachbar, https://dirknachbar.blogspot.com
#
# MODIFIED:
#
#
#=====================================================================

# Import weblogic.security.internal and weblogic.security.internal.encryption
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Provide Domain Home Location
domain = raw_input("Provide Domain Home location: ")

# Get encryption service with above Domain Home Location
encryptService = SerializedSystemIni.getEncryptionService(domain)
clearOrEncryptService = ClearOrEncryptedService(encryptService)

# Provide the encrypted password or username, e.g. from boot.properties
encrypted_pwd = raw_input("Provide encrypted password or username (e.g.: {AES}jNdVLr...): ")

# Clear the encrypted value from escaping characters
cleared_pwd = encrypted_pwd.replace("\\", "")

# Personal security hint :-)
raw_input("Make sure that nobody is staying behind you :-) Press ENTER to see the password ...")

# Decrypt the encrypted password or username
print "Value in cleartext is: " + clearOrEncryptService.decrypt(cleared_pwd)
```
Let's say you need the password of your WebLogic Administration user, which is stored in the boot.properties file under $DOMAIN_HOME/servers/<AdminServerName>/security:

```
cd $DOMAIN_HOME/servers/AdminServer/security
cat boot.properties

#Tue Sep 05 14:05:32 CEST 2017
password={AES}hjP+5eQrx8j6S6b5JRdluvACHjtov3vo3pQ10c+h/Pg\=
username={AES}bHAMPwpk4izstmC7RW3K0jjQK4h4WlNEGu17LqRKYaE\=
```
Now start the script with wlst.sh from $ORACLE_HOME/oracle_common/common/bin, then provide your DOMAIN_HOME directory and the encrypted password.

```
$ORACLE_HOME/oracle_common/common/bin/wlst.sh decrypt.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Provide Domain Home location: /u00/app/oracle/user_projects/domains/demo_domain
Provide encrypted password (e.g.: {AES}jNdVLr...): {AES}hjP+5eQrx8j6S6b5JRdluvACHjtov3vo3pQ10c+h/Pg\=
Make sure that nobody is staying behind you :-) Press ENTER to see the password ...
Value in cleartext is: Oracle12c
```
The same works with encrypted passwords in your JDBC Data Source configuration file.

```
cat $DOMAIN_HOME/config/jdbc/testDS*.xml | grep password-encrypted
<password-encrypted>{AES}xYk2xRXa5DzyCK/qC0TZJ+bsxWiGIxMDtiVWMstJxD0=</password-encrypted>

# Now execute the decrypt.py
$ORACLE_HOME/oracle_common/common/bin/wlst.sh decrypt.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Provide Domain Home location: /u00/app/oracle/user_projects/domains/demo_domain
Provide encrypted password (e.g.: {AES}jNdVLr...): {AES}xYk2xRXa5DzyCK/qC0TZJ+bsxWiGIxMDtiVWMstJxD0=
Make sure that nobody is staying behind you :-) Press ENTER to see the password ...
Value in cleartext is: Test12c
```
So you don't have to rebuild your Oracle WebLogic Domain when you have lost your WebLogic Admin User password.
Happy decrypting :-)
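decrypt.py works because SerializedSystemIni.getEncryptionService(domain) loads the domain's key from security/SerializedSystemIni.dat, so any OS account that can read that file together with a file holding an {AES} value can recover the cleartext in the same way. The following added example (not part of the original post; standalone Python 3, not WLST) walks a domain directory and reports such files when they are readable by group or others; the sample layout, file names and values in build_sample_domain() are constructed.

```python
# Added example, not from the original post; standalone Python 3 (not WLST).
import os
import re
import stat
import tempfile

# Prefixes of encrypted values: {AES} as on this page; {AES256}/{3DES} in other releases.
ENC_RE = re.compile(r"\{(?:AES(?:256)?|3DES)\}[A-Za-z0-9+/\\=]+")

def audit_domain(domain_home):
    """Return sorted (relative path, problem) pairs for over-readable secrets."""
    findings = []
    for root, _dirs, files in os.walk(domain_home):
        for name in files:
            path = os.path.join(root, name)
            is_key = name == "SerializedSystemIni.dat"
            if not is_key:
                if not name.endswith((".properties", ".xml")):
                    continue
                with open(path, errors="replace") as fh:
                    if not ENC_RE.search(fh.read()):
                        continue  # no encrypted value stored here
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                what = "domain key" if is_key else "encrypted credential"
                findings.append((os.path.relpath(path, domain_home),
                                 "%s readable by group/other (mode %o)" % (what, mode)))
    return sorted(findings)

def build_sample_domain():
    """Constructed demo layout; key bytes and {AES} values are placeholders."""
    home = tempfile.mkdtemp(prefix="demo_domain_")
    layout = {
        "security/SerializedSystemIni.dat": (b"placeholder-key", 0o640),
        "servers/AdminServer/security/boot.properties": (b"password={AES}Q09O\\=\n", 0o600),
        "config/jdbc/testDS-jdbc.xml":
            (b"<password-encrypted>{AES}U0FNUExF=</password-encrypted>\n", 0o644),
        "config/config.xml": (b"<domain/>\n", 0o644),
    }
    for rel, (data, mode) in layout.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    for rel, problem in audit_domain(build_sample_domain()):
        print(rel, "->", problem)
```

Against a real domain, call audit_domain() with your DOMAIN_HOME as the OS account that owns the domain, so that every file can be opened.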
Categories: Oracle WebLogic Server 12c