Archive
Decrypt weblogic admin password
Pls follow below steps to decrypt Weblogic admin password
Step 1:- Create a file called – decryptPass.py and udpate the file with below cotents
import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService
def decrypt(domainHomeName, encryptedPwd):
domainHomeAbsolutePath = os.path.abspath(domainHomeName)
encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
clear = ces.decrypt(encryptedPwd)
print "RESULT:" + clear
try:
if len(sys.argv) == 3:
decrypt(sys.argv[1], sys.argv[2])
else:
print "INVALID ARGUMENTS"
print " Usage: java weblogic.WLST decryptPassword.py DOMAIN_HOME ENCRYPTED_PASSWORD"
print " Example:"
print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
print "Unexpected error: ", sys.exc_info()[0]
dumpStack()
raise
Step 2:- Set Domain environment variable
cd $FMW_HOME/user_projects/domains/<domain_name>
. setDomainEnv.sh
Once it is properly set, do echo $DOMAIN_HOME and you will find it getting properly displayed
Step 3:- Get encrypted password value from boot.properties file
$ grep password $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^password=\(.*\)/\1/"
{AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=
Step 4:- Decrypt the encrypted password obtained in Step 3 (Run the command from the location where the decryptPass.py is kept)
java weblogic.WLST decryptPass.py $DOMAIN_HOME {AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
RESULT:r41cOWqpc
Hope this helps. Happy reading!
-Anand M
PASSWORD column NULL in DBA_USERS from 11g onwards
I got a request from support team to reset the DBA user password as they were getting some error due to password expiration.
However support person was not aware of the password.
SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE 2 from dba_users 3 where USERNAME = 'PEOPLE'; USERNAME -------------------------------------------------------------------------------- ACCOUNT_STATUS -------------------------------------------------------------------------------- EXPIRY_DATE --------------- PEOPLE EXPIRED 03-NOV-14
Oracle 11g brought several security enhancements, as it is well known by the 11g users. On previous Oracle versions it was possible to query the DBA_USERS PASSWORD column to get the hashed password string. It was useful when someone tried to temporarily reset the user’s password and restore it to its original value without actually knowing it.
The command:
ALTER USER IDENTIFIED BY VALUES ‘F28740221A2D9A70’;
it could take the hashed value from the DBA_USERS data dictionary view. However starting with Oracle 11g this column is null … so where are we supposed to take this hashed value from?.
SQL> SELECT USERNAME, PASSWORD 2 FROM DBA_USERS 3 WHERE USERNAME='PEOPLE'; USERNAME PASSWORD --------------- ------------------------------ PEOPLE
Starting with Oracle 11g, there is a view called SYS.USER$ which stores the PASSWORD, the way it was stored prior to 11g.
Oracle 11g only makes it a little bit more difficult to get the hashed password, but if you login with “SYS” account, you can still apply the conventional (prior to 11g method) to temporarily reset the password, and still have access to the hashed password.
SQL> SELECT NAME, PASSWORD FROM SYS.USER$ WHERE NAME = 'PEOPLE' 2 3 ; NAME -------------------------------------------------------------------------------- PASSWORD -------------------------------------------------------------------------------- PEOPLE F28740221A2D9A70
And the command used to reset the password
SQL> alter user PEOPLE identified by values 'F28740221A2D9A70'; User altered. SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE 2 from dba_users 3 where USERNAME = 'PEOPLE'; USERNAME -------------------------------------------------------------------------------- ACCOUNT_STATUS -------------------------------------------------------------------------------- EXPIRY_DATE --------------- PEOPLE OPEN 14-JUN-15
Thats Me
Oracle 9i,10g,11g Certified Professional
Oracle 11i,R12 APPS DBA OCP
Oracle 10g RAC OCE
Oracle Exadata 11g Certified Implementation Specialist
Oracle DB 11g Performance Tunining Certified Expert
I have more than 11 years of experience in IT. I am working as Database Administrator / APPS DBA for an Software Consultng company and currently based out of US. I am Oracle Certified Professional DBA in Oracle 9i,10g & 11g. I have worked on Oracle 10g RAC, Oracle Replication and Oracle Data Guard technologies. I have special interest in Oralce apps Performance management and have worked extensively on performance tuning.
My experiences with Oracle E-Business implementation/support involves mostly around the the technical aspect of it, i.e., integrating various systems with EBusiness Suite, helping/supporting on reports developments, technical implementation, patch updates, maintenance, and certain level of apps system administration, functional know how & functional assistance for SCM, Financials, BI modules.
I closely work on Oracle application server administration & weblogic admin as well.
My Flickr Snaps
|
