Recover Database Passwords from Weblogic Server

In this post, I am going to explain how to decrypt or recover the passwords that are stored encrypted in Weblogic 8.1, especially the database passwords. (The post refers to them loosely as hashed, but a {3DES} value is reversibly encrypted, not one-way hashed, which is why recovery is possible at all.) If you ever forget the database password that is already configured in Weblogic, or the password of the user that is used to start Weblogic, this will be handy. The encrypted passwords can normally be found in config.xml and boot.properties inside the application domain. The database passwords will be in config.xml under the JDBC configuration and will look something like the following.

PasswordEncrypted="{3DES}bDcllidskanDsaIsnaiG=="

To recover the passwords, we need some prerequisites which are listed below.

  1. weblogic.jar and jsafeFIPS.jar from the Weblogic server (found under the WL_HOME/server/lib directory)
  2. SerializedSystemIni.dat from the application domain (found in the application domain root)
  3. The encrypted password from config.xml or boot.properties, including the {3DES} prefix

SerializedSystemIni.dat holds the key needed to recover the passwords, so it is absolutely essential, and it has to come from the same server, since the key depends on the machine. If you are not able to find this file, the server administrator has probably not granted read access on it to all users. For production systems that should be the practice: only the account that starts the Weblogic server should have read permission on SerializedSystemIni.dat. Anything more is a security risk; it is like leaving the key to your home on the street. Coming back to the subject, if you have the file then you are all set for the next step.
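The permission rule just described is easy to audit. The script below is an added example, not code from the original post, and it assumes a Unix-like host where the domain root holds the three files named above and where either GNU stat (-c '%a') or BSD stat (-f '%Lp') is available. It reports SerializedSystemIni.dat readable by group or other, any cleartext Password="..." attribute in config.xml, and any boot.properties credential line that has not been rewritten with a {3DES} value. The sample domains it builds are constructed for the demonstration and contain no real key material.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a WebLogic domain directory
# for the two conditions the post calls out.
#   1. SerializedSystemIni.dat (the decryption key) must be readable only by its
#      owner, i.e. the account that starts WebLogic.
#   2. config.xml and boot.properties must hold encrypted ({3DES}...) values only,
#      never a bare Password="..." attribute or a bare password= line.
# The exit status of audit_wl_domain is the number of findings, so 0 means clean.

audit_wl_domain() {
    domain="$1"
    findings=0

    ini="$domain/SerializedSystemIni.dat"
    if [ ! -f "$ini" ]; then
        echo "FINDING: $ini not found (is $domain really a domain root?)"
        findings=$((findings + 1))
    else
        # Octal mode, e.g. 600. GNU stat uses -c '%a', BSD/macOS stat uses -f '%Lp'.
        mode=$(stat -c '%a' "$ini" 2>/dev/null || stat -f '%Lp' "$ini")
        mode=$(printf '%s' "$mode" | tail -c 3)    # drop any setuid/setgid/sticky digit
        if [ "$(printf '%s' "$mode" | tail -c 2)" != "00" ]; then
            echo "FINDING: $ini is mode $mode; group and other must have no access (600 or 400)"
            findings=$((findings + 1))
        fi
    fi

    cfg="$domain/config.xml"
    if [ -f "$cfg" ]; then
        # PasswordEncrypted="{3DES}..." is expected; a bare Password="..." attribute is cleartext.
        plain=$(grep -c 'Password="' "$cfg" || true)
        plain=${plain:-0}
        if [ "$plain" -gt 0 ]; then
            echo "FINDING: $cfg has $plain cleartext Password=\"...\" attribute(s)"
            findings=$((findings + 1))
        fi
    fi

    boot="$domain/boot.properties"
    if [ -f "$boot" ]; then
        # WebLogic rewrites boot.properties with {3DES} values on first start; anything else is cleartext.
        plain=$(grep -i -E '^(username|password)=' "$boot" | grep -v -c '{3DES}' || true)
        plain=${plain:-0}
        if [ "$plain" -gt 0 ]; then
            echo "FINDING: $boot has $plain unencrypted username/password line(s)"
            findings=$((findings + 1))
        fi
    fi

    return "$findings"
}

# Build a constructed sample domain (made up for this example) so the audit runs offline.
# $1 = target directory, $2 = mode for SerializedSystemIni.dat, $3 = "clean" or "leaky".
make_sample_domain() {
    dir="$1"; mode="$2"; variant="$3"
    mkdir -p "$dir"
    printf 'not-a-real-key\n' > "$dir/SerializedSystemIni.dat"
    chmod "$mode" "$dir/SerializedSystemIni.dat"
    if [ "$variant" = "clean" ]; then
        printf '<JDBCConnectionPool Name="demoPool" PasswordEncrypted="{3DES}AAAAAAAAAAAAAAAAAAAAAA=="/>\n' > "$dir/config.xml"
        printf 'username={3DES}BBBBBBBBBBBB==\npassword={3DES}CCCCCCCCCCCC==\n' > "$dir/boot.properties"
    else
        printf '<JDBCConnectionPool Name="demoPool" Password="cleartext-demo"/>\n' > "$dir/config.xml"
        printf 'username=weblogic\npassword=cleartext-demo\n' > "$dir/boot.properties"
    fi
}

# Stand-alone demonstration on two constructed domains.
tmp=$(mktemp -d)
make_sample_domain "$tmp/clean" 600 clean
make_sample_domain "$tmp/leaky" 644 leaky
audit_wl_domain "$tmp/clean" && echo "clean domain: no findings"
audit_wl_domain "$tmp/leaky" || echo "leaky domain: $? finding(s)"
rm -rf "$tmp"
```

Run it against a real domain with `audit_wl_domain /path/to/domain` from the account that owns the files; a non-zero exit status means at least one of the post's two rules is broken. The config.xml pattern deliberately matches only an attribute whose name ends in Password followed directly by a value, so the expected PasswordEncrypted form never triggers it.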

Assuming you have all the files needed, let's proceed to the next step. You can copy all the prerequisite files to your workstation, or if needed you can run the utility on the server itself. As long as the machine has a JDK installed it should be fine.

To recover the passwords we will be using a utility from the Apache Geronimo 2.0.1 API, Weblogic81Utils.java. Although this file is part of a package, it can be run as a standalone class with a little modification. All you need to do is remove the package reference and add a main() method to the class. The code for the main() method is below.

// Add "import java.util.Properties;" at the top of the class if it is not already imported.
public static void main(String args[]) {
    try {
        // Directory holding weblogic.jar and jsafeFIPS.jar (WL_HOME/server/lib on the server).
        String beaDir = "$Server/lib or the Directory which has the required JAR files$";
        // Directory holding SerializedSystemIni.dat, config.xml and boot.properties (the domain root).
        String appDir = "$App Domain or the Directory which has SerializedSystemIni.dat$";
        // Encrypted value copied from config.xml, including the {3DES} prefix.
        String hashedPassword = "{3DES}Vdsds76nGsfdsfKJbg54ss==";
        Weblogic81Utils weblogic81Utils = new Weblogic81Utils(beaDir, appDir);
        String plainTextPassword = weblogic81Utils.decryptString(hashedPassword);
        // config.xml is loaded here but not used further in this example.
        String configXML = weblogic81Utils.getConfigXML();
        Properties bootProperties = (Properties) weblogic81Utils.getBootProperties();
        System.out.println("-----------------------------------------------------");
        // Print the encrypted value next to its decrypted form.
        System.out.println(hashedPassword + " == " + plainTextPassword);
        System.out.println("boot.properties" + " <username> "
            + bootProperties.getProperty("username"));
        System.out.println("boot.properties" + " <password> "
            + bootProperties.getProperty("password"));
        System.out.println("-----------------------------------------------------");
    } catch (Exception e) {
        throw (RuntimeException) new IllegalArgumentException("Unable to initialize "
            + "encryption routines from provided arguments").initCause(e);
    }
}

beaDir - If you are running this on the server, it is the $WL_HOME/server/lib directory. If you are running it elsewhere, it is the path that contains weblogic.jar and jsafeFIPS.jar.

appDir - If you are running this on the server, it is your application domain directory. If you are running it elsewhere, it is the path that contains SerializedSystemIni.dat, config.xml and boot.properties.

hashedPassword - In this example I am not reading config.xml directly; instead I pass the encrypted password in as an input. So this will be the encrypted database password from your config.xml.

Save the source file and we are all set to run the program. Make sure you removed the package reference, since we are running this as a standalone program; no other change is required. Compile the class and run it. I tested this using JDK 1.6, but any JDK newer than 1.4 should work.

Sample output is given below.

This was tested with Weblogic Server 8.1 and JDK 1.6.