password | Oracle Application Technology

Decrypt weblogic admin password

November 22, 2016 anandmandilwar Leave a comment

Pls follow below steps to decrypt Weblogic admin password

Step 1:- Create a file called – decryptPass.py and udpate the file with below cotents


import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
domainHomeAbsolutePath = os.path.abspath(domainHomeName)
encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
clear = ces.decrypt(encryptedPwd)
print "RESULT:" + clear

try:
if len(sys.argv) == 3:
decrypt(sys.argv[1], sys.argv[2])
else:
print "INVALID ARGUMENTS"
print " Usage: java weblogic.WLST decryptPassword.py DOMAIN_HOME ENCRYPTED_PASSWORD"
print " Example:"
print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
print "Unexpected error: ", sys.exc_info()[0]
dumpStack()
raise

Step 2:- Set Domain environment variable

cd $FMW_HOME/user_projects/domains/<domain_name>


. setDomainEnv.sh

Once it is properly set, do echo $DOMAIN_HOME and you will find it getting properly displayed

Step 3:- Get encrypted password value from boot.properties file


$ grep password $DOMAIN_HOME/servers/AdminServer/security/boot.properties | sed -e "s/^password=\(.*\)/\1/"

{AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=

Step 4:- Decrypt the encrypted password obtained in Step 3 (Run the command from the location where the decryptPass.py is kept)


java weblogic.WLST decryptPass.py $DOMAIN_HOME {AES}udb6nZLDw24HiRRrZkojuoiLNiu/MfAIZpcU=

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

RESULT:r41cOWqpc

Hope this helps. Happy reading!

-Anand M

Categories: Oracle Apps, WebLogic Tags: decrypt, password, WebLogic

PASSWORD column NULL in DBA_USERS from 11g onwards

December 16, 2014 anandmandilwar Leave a comment

I got a request from support team to reset the DBA user password as they were getting some error due to password expiration.
However support person was not aware of the password.

SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE
  2  from dba_users
  3  where USERNAME = 'PEOPLE';

USERNAME
--------------------------------------------------------------------------------
ACCOUNT_STATUS
--------------------------------------------------------------------------------
EXPIRY_DATE
---------------
PEOPLE
EXPIRED
03-NOV-14

Oracle 11g brought several security enhancements, as it is well known by the 11g users. On previous Oracle versions it was possible to query the DBA_USERS PASSWORD column to get the hashed password string. It was useful when someone tried to temporarily reset the user’s password and restore it to its original value without actually knowing it.
The command:

ALTER USER IDENTIFIED BY VALUES ‘F28740221A2D9A70’;

it could take the hashed value from the DBA_USERS data dictionary view. However starting with Oracle 11g this column is null … so where are we supposed to take this hashed value from?.

SQL> SELECT USERNAME, PASSWORD
2 FROM DBA_USERS
3 WHERE USERNAME='PEOPLE';

USERNAME PASSWORD
--------------- ------------------------------
PEOPLE

Starting with Oracle 11g, there is a view called SYS.USER$ which stores the PASSWORD, the way it was stored prior to 11g.

Oracle 11g only makes it a little bit more difficult to get the hashed password, but if you login with “SYS” account, you can still apply the conventional (prior to 11g method) to temporarily reset the password, and still have access to the hashed password.

SQL> SELECT NAME, PASSWORD
FROM SYS.USER$
WHERE NAME = 'PEOPLE'   2    3  ;

NAME
--------------------------------------------------------------------------------
PASSWORD
--------------------------------------------------------------------------------
PEOPLE
F28740221A2D9A70

And the command used to reset the password

SQL> alter user PEOPLE identified by values 'F28740221A2D9A70';

User altered.

SQL> select USERNAME,ACCOUNT_STATUS,EXPIRY_DATE
  2  from dba_users
  3  where USERNAME = 'PEOPLE';

USERNAME
--------------------------------------------------------------------------------
ACCOUNT_STATUS
--------------------------------------------------------------------------------
EXPIRY_DATE
---------------
PEOPLE
OPEN
14-JUN-15

Categories: Oracle Database Tags: dba_users, password

Thats Me

Project Management Professional (PMP)
AWS Certified Solutions Architect - Associate
AWS Certified SysOps Administrator - Associate

Oracle 9i,10g,11g Certified Professional
Oracle 11i,R12 APPS DBA OCP
Oracle 10g RAC Oracle Certified Expert
Oracle Exadata 11g Certified Implementation Specialist
Oracle DB 11g Performance Tuning Certified Expert

I have more than 17 years of experience in IT. I am working as a Project Manager (With Infra as a core domain) for a Software Consulting company and currently based out of US. I am Oracle Certified Professional DBA in Oracle 9i,10g & 11g. I have worked on Oracle 10g RAC, Oracle Replication and Oracle Data Guard technologies. I have special interest in Oracle apps Performance management and have worked extensively on performance tuning.

My experiences with Oracle E-Business implementation/support involves mostly around the the technical aspect of it, i.e., integrating various systems with E Business Suite, helping/supporting on reports developments, technical implementation, patch updates, maintenance, and certain level of apps system administration, functional know how & functional assistance for SCM, Financials, BI modules.

I closely work on Oracle application server administration & weblogic admin as well.