Tuesday, July 19, 2011

Uncovering weblogic encryption

Use the tool : weblogic.security.Encrypt
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/admin_ref/utils17.html
encrypt
The weblogic.security.Encrypt utility encrypts cleartext strings for use with WebLogic Server. The utility uses the encryption service of the current directory, or the encryption service for a specified WebLogic Server domain root directory.
Note: An encrypted string must have been encrypted by the encryption service in the WebLogic Server domain where it will be used. If not, the server will not be able to decrypt the string.
You can only run the weblogic.security.Encrypt utility on a machine that has at least one server instance in a WebLogic Server domain; it cannot be run from a client.
Note: BEA Systems recommends running the utility in the Administration Server domain directory or on the machine hosting the Administration Server and specifying a domain root directory.
Syntax
java [ -Dweblogic.RootDirectory=dirname ] [ -Dweblogic.management.allowPasswordEcho=true ] weblogic.security.Encrypt [ password ]

Argument
Definition
weblogic.RootDirectory
Optional. WebLogic Server domain directory in which the encrypted string will be used. If not specified, the default domain root directory is the current directory (the directory in which the utility is being run).
weblogic.management.allowPasswordEcho
Optional. Allows echoing characters entered on the command line. weblogic.security.Encrypt expects that no-echo is available; if no-echo is not available, set this property to true.
password
Optional. Cleartext string to be encrypted. If omitted from the command line, you will be prompted to enter a password.

Examples
The utility returns an encrypted string using the encryption service of the domain located in the current directory.
java weblogic.security.Encrypt xxxxxx
{3DES}Rd39isn4LLuF884Ns
The utility returns an encrypted string using the encryption service of the specified domain location.
java -Dweblogic.RootDirectory=./mydomain weblogic.security.Encrypt xxxxxx
{3DES}hsikci118SKFnnw
The utility returns an encrypted string in the current directory, without echoing the password.
java weblogic.security.Encrypt
Password:
{3DES}12hsIIn56KKKs3
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)