Oracle, WebLogic Server May 8, 2014 19

Recover Decrypt WebLogic Server Admin Password

One of the most important WebLogic Server files in terms of security is SerializedSystemIni.dat which contains encrypted security data and is located in $DOMAIN_HOME/security directory. Other file is file located in $DOMAIN_HOME/servers/AdminServer/security directory which contains an encrypted version of weblogic admin username and password.

 Below tutorial shows how to decrypt, recover username or password, having access to SerializedSystemIni.dat and files. But not only, we can also use this method to:

  • recover database username and password of JDBC Connection pool – encrypted password resides in $DOMAIN_HOME/config/jdbc directory, in xml files
  • recover password of a keystore where we store SSL certificates
  • any encrypted password from config.xml  located in $DOMAIN_HOME/config dir

Let’s roll:

NOTESerializedSystemIni.dat file exists in $DOMAIN_HOME/security directory. 

1. Create a script in $DOMAIN_HOME/security directory and paste the following code into it:

from import *
from import *
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Take encrypt password from user
pwd = raw_input("Paste encrypted password ({AES}fk9EK...): ")

# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")

# Display password
print "Decrypted string is: " + clearOrEncryptService.decrypt(preppwd)

2. Set domain environment variables

source $DOMAIN_HOME/bin/

3. Get encrypted password, in this example from file of AdminServer

grep username $DOMAIN_HOME/servers/AdminServer/security/ | sed -e "s/^username=\(.*\)/\1/"

grep password $DOMAIN_HOME/servers/AdminServer/security/ | sed -e "s/^password=\(.*\)/\1/"

4. Navigate to $DOMAIN_HOME/security directory and run the following command to start decryption:

cd $DOMAIN_HOME/security

java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Please enter encrypted password (Eg. {AES}fk9EK...): {AES}jkIkkdh693dsyLt+DrKUfNcXryuHKLJD76*SXnPqnl5oo\=
Decrypted string is: welcome01

Decrypted value will be displayed on the screen.