  • There might be a situation while working in a middleware team where the Oracle WebLogic environment was set up by someone else, or you don’t know the password, but you have server access.

    If you are in such a situation and need to know the password, the following steps show how to decrypt it.

    Decrypting WebLogic Console Password

    This assumes you have server access and are logged in with the respective UNIX account.

    Go to the Oracle bin directory (oracle_home/common/bin).

    Execute wlst.sh:

    ./wlst.sh

    You will get the WLST prompt in offline mode. Run the following commands:

    wls:/offline> domain = "/opt/apps/user_projects/domains/domain_name"

    Note: change the domain path if necessary

    wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
    wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
    wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE=")
     weblogic123
    wls:/offline>

    Note: the encrypted string starting with {AES} can be found in the boot.properties file.

    As you can see, the password is decrypted – weblogic123

    Decrypting WebLogic Java Keystore Password

    If you are not sure what the password is for your WebLogic Java keystore, you can use the following WLST method to decrypt it.

    Invoke wlst.sh from the bin directory under Oracle home and execute the commands below.

    wls:/offline> domain = "/opt/apps/user_projects/domains/domain_name"

    Note: Change the domain path if necessary

    wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
    wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
    wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE=")
     weblogic123
    wls:/offline>

    Note: the encrypted string starting with {AES} can be found in config.xml.

    You may face the following error while decrypting.

    wls:/offline> print encryption.decrypt("{AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM\=")
    Traceback (innermost last):
    File "<console>", line 1, in ?
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
    at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException

    If you encounter the above error, remove the backslash (\) in front of the = at the end of the string.

    From

    wls:/offline> print encryption.decrypt("{AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM\=")

    To

    wls:/offline> print encryption.decrypt("{AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM=")
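    The trailing backslash comes from Java .properties escaping, where = inside a value is written as \=. The following is an added example, not code from the original article: it reads boot.properties-style text, undoes that escaping, and returns each {AES} string in the form encryption.decrypt() expects. The function names and the sample file content are assumptions made for illustration.

```python
import re

# Constructed sample in boot.properties layout. The password value is the
# escaped string shown in the article; the username value is made up.
SAMPLE_BOOT_PROPERTIES = r"""
#Constructed sample, not a real domain file
username={AES}Q29uc3RydWN0ZWRTYW1wbGVWYWx1ZQ\=\=
password={AES}yM9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMM\=
"""

# Characters that Java escapes with a backslash when storing properties.
_ESCAPE = re.compile(r"\\([=:#!\\ ])")
# Only the {AES} prefix shown in the article is handled here.
_ENCRYPTED = re.compile(r"^\{AES\}[A-Za-z0-9+/]+={0,2}$")


def unescape_property_value(raw):
    """Undo .properties escaping (\\= \\: \\# \\! \\\\) in a single value."""
    return _ESCAPE.sub(r"\1", raw.strip())


def encrypted_values(properties_text):
    """Return {key: normalized "{AES}..." string} for every encrypted entry."""
    found = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        key, sep, raw = line.partition("=")
        if not sep:
            continue
        value = unescape_property_value(raw)
        if _ENCRYPTED.match(value):
            found[key.strip()] = value
        elif value.startswith("{AES}"):
            # Still not valid base64 after unescaping: report it instead of
            # handing a string to decrypt() that will raise the exception above.
            raise ValueError("malformed {AES} value for %r" % key.strip())
    return found


if __name__ == "__main__":
    for name, value in sorted(encrypted_values(SAMPLE_BOOT_PROPERTIES).items()):
        print("%s -> %s" % (name, value))
```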

    I hope the above quick instructions help you decrypt the password for the WebLogic Console and Java keystore.

    Article by Yagnam Amarender Reddy