Archive

Posts Tagged ‘password’

Decrypt weblogic admin password

November 22, 2016 Leave a comment

Pls follow below steps to decrypt Weblogic admin password

Step 1:- Create a file called – decryptPass.py and udpate the file with below cotents


import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
domainHomeAbsolutePath = os.path.abspath(domainHomeName)
encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
clear = ces.decrypt(encryptedPwd)
print "RESULT:" + clear

try:
if len(sys.argv) == 3:
decrypt(sys.argv[1], sys.argv[2])
else:
print "INVALID ARGUMENTS"
print " Usage: java weblogic.WLST decryptPassword.py DOMAIN_HOME ENCRYPTED_PASSWORD"
print " Example:"
print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
print "Unexpected error: ", sys.exc_info()[0]
dumpStack()
raise

Step 2:- Set Domain environment variable

cd $FMW_HOME/user_projects/domains/<domain_name>


. setDomainEnv.sh

Once it is properly set, do echo $DOMAIN_HOME and you will find it getting properly displayed

Step 3:- Get encrypted password value from boot.properties file


$ grep password $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^password=\(.*\)/\1/"

{AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=

Step 4:- Decrypt the encrypted password obtained in Step 3 (Run the command from the location where the decryptPass.py is kept)


java weblogic.WLST decryptPass.py $DOMAIN_HOME {AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

RESULT:r41cOWqpc

Hope this helps. Happy reading!

-Anand M

Advertisements

PASSWORD column NULL in DBA_USERS from 11g onwards

December 16, 2014 Leave a comment

I got a request from support team to reset the DBA user password as they were getting some error due to password expiration.
However support person was not aware of the password.

SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE
  2  from dba_users
  3  where USERNAME = 'PEOPLE';

USERNAME
--------------------------------------------------------------------------------
ACCOUNT_STATUS
--------------------------------------------------------------------------------
EXPIRY_DATE
---------------
PEOPLE
EXPIRED
03-NOV-14

Oracle 11g brought several security enhancements, as it is well known by the 11g users. On previous Oracle versions it was possible to query the DBA_USERS PASSWORD column to get the hashed password string. It was useful when someone tried to temporarily reset the user’s password and restore it to its original value without actually knowing it.
The command:

ALTER USER IDENTIFIED BY VALUES ‘F28740221A2D9A70’;

it could take the hashed value from the DBA_USERS data dictionary view. However starting with Oracle 11g this column is null … so where are we supposed to take this hashed value from?.

SQL> SELECT USERNAME, PASSWORD
2 FROM DBA_USERS
3 WHERE USERNAME='PEOPLE';

USERNAME PASSWORD
--------------- ------------------------------
PEOPLE 

Starting with Oracle 11g, there is a view called SYS.USER$ which stores the PASSWORD, the way it was stored prior to 11g.

Oracle 11g only makes it a little bit more difficult to get the hashed password, but if you login with “SYS” account, you can still apply the conventional (prior to 11g method) to temporarily reset the password, and still have access to the hashed password.

SQL> SELECT NAME, PASSWORD
FROM SYS.USER$
WHERE NAME = 'PEOPLE'   2    3  ;

NAME
--------------------------------------------------------------------------------
PASSWORD
--------------------------------------------------------------------------------
PEOPLE
F28740221A2D9A70

And the command used to reset the password

SQL> alter user PEOPLE identified by values 'F28740221A2D9A70';

User altered.

SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE
  2  from dba_users
  3  where USERNAME = 'PEOPLE';

USERNAME
--------------------------------------------------------------------------------
ACCOUNT_STATUS
--------------------------------------------------------------------------------
EXPIRY_DATE
---------------
PEOPLE
OPEN
14-JUN-15
Categories: Oracle Database Tags: ,