Monday, April 28, 2014

Extracting encrypted password of a weblogic datasource

In some cases you might need to know the password of an already setup datasource.  If you go to the weblogic console url your'll just see **** symbols. If you look directly into the xml file the password is not visible either, so where do you go from here.  You could use a WLST script similar to the following. Please consider file paths as well as host and weblogic credentials are hardcoded but you could easily replace those. See below an example.


#This WLST script will extract the encrypted password of 
#any given weblogic datasource
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
from xml.dom import minidom

# Path where the wncrypted pwd is (replace path with your jdbc xml file path)
doc = minidom.parse('/oracle/fmwhome/user_projects/domains/dev_bpm/config/jdbc/mds-soa-jdbc.xml')
pwd = doc.childNodes[0].childNodes[3].childNodes[7].firstChild.data

#Get password of connectionpool (replace path with your domain security path)
encryptionService = SerializedSystemIni.getEncryptionService("/oracle/fmwhome/user_projects/domains/dev_bpm/security")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Remove unneeded characters
preppwd = pwd.replace("\\", "")

# Decrypt the password
psd=clearOrEncryptService.decrypt(preppwd)
print('Unencrypted password -> ' + psd)

No comments:

Post a Comment