如果你不想用WebLogic密码恢复(一)介绍的加新帐号的方式,哦们还有一个至强的杀手锏,就是反向破解。废话少说了,这种方法就是利用WLST脚本对boot.properties文件进行解密。大家都知道,boot.properties就是保存了你的启动帐号和密码的一个文件,开始时是明文的,第一次启动后被系统加密。当忘记密码之后,用本法可以破解从而读出之前的密码。其中之原理就不得而知了。
![北京联动北方科技有限公司]()
![北京联动北方科技有限公司]()
代码
#=============================================================================
# Jython Scriptfor displaying de-crypted WebLogic boot.properties files
#
# To run, change to a WebLogic domain directory and execute:
#
#> /opt/weblogic/wlsadm/weblogic92/common/bin/wlst.sh~/home/chordadm/wlsdecrypt.py (Unix)
# OR
#> C:beaweblogic92commonbinwlst.cmd C:myscriptswlsdecrypt.py (Windows)
#
# Add parameter'-?' to the end of the command line to display more help
#=============================================================================
import os
from java.ioimport FileInputStream
from java.utilimport Properties
from weblogic.managementimport EncryptionHelper
from weblogic.security.serviceimport SecurityManager
from weblogic.security.subjectimport SubjectManager
#
=============================================================================
# Main
#=============================================================================
def main():
#for arg in sys.argv:
#if arg.count(arg.strip()):
# printUsageAndExit()
saltFilePath=os.path.join('security','SerializedSystemIni.dat')
if not os.path.exists(saltFilePath):
print"Error: The script must be run from a WebLogic domain direcotry or a directory containing '%s'" % saltFilePath
printUsageAndExit()
try:
open(saltFilePath,'r').close()
except IOError:
print"Error: The file '%s' is not readable - check file permissions" % saltFilePath
printUsageAndExit()
processBootFiles(os.curdir, descryptPropsFile)
#
=============================================================================
# Decrypt (Note, to encrypt just use: EncryptionHelper.encrypt(text))
#=============================================================================
def decrypt(text):
getKernelIdMethod= SecurityManager.getDeclaredMethod('getKernelIdentity', None)
getKernelIdMethod.accessible=1
return EncryptionHelper.decrypt(text, getKernelIdMethod.invoke(SecurityManager, None))
#
=============================================================================
# Process Boot Files
#=============================================================================
def processBootFiles(rootPath, processFunc):
if not os.path.isdir(rootPath):
return
fileNames= os.listdir(rootPath)
for fileName in fileNames:
path= os.path.join(rootPath, fileName)
if os.path.isfile(path):
if fileName== 'boot.properties':
processFunc(path)
elif os.path.isdir(path):
processBootFiles(path, processFunc)
processFunc("./boot.properties")
#
=============================================================================
# Decrypt Props File
#=============================================================================
def descryptPropsFile(filepath):
print
print'----- Decrypting %s -----' % filepath
try:
properties= Properties()
file= FileInputStream(filepath)
properties.load(file)
file.close()
for entry in properties.entrySet():
print'%s = %s' % (entry.key.strip(), java.lang.String(decrypt(entry.value.strip())))
except IOError:
print"Error: Unable to read file '%s' - check file permissions" % filepath
print
#
=============================================================================
# Print Usage And Exit
#=============================================================================
def printUsageAndExit():
print
print'wlsdecrypt.py'
print'-------------'
print
print"Jython Script for displaying de-crypted boot.properties files from a WebLogic domain. Before running the script, change directory to the directory that contains a WebLogic domain (or a directory containing 'security/SerializedSystemIni.dat' and one or more associated 'boot.properties' files). Run this script via WLST or directly via the Java/Jython launch command (the latter option requires both 'jython.jar' and 'weblogic.jar' to be added to the classpath)."
print
print'Example Usage:'
print
print'> /opt/weblogic/wlsadm/weblogic92/common/bin/wlst.sh ~/home/chordadm/wlsdecrypt.py (Unix)'
print
print'> C:beaweblogic92commonbinwlst.cmd C:myscriptswlsdecrypt.py (Windows)'
print
exit()
#
# Invoke main and end
#
main()
用法很简单,如下:
1、cd到你的域目录;
2、运行 <weblogic_home>wlserver_10.3commonbinwlst.cmd/sh <path_to_script>/your_script.py
注意:
a. 上面给出的脚本是Jyphon语法的脚本,你需要把它保存起来,文件即是上面第2步的参数指向的文件;
b. 以上的脚本是适用于WebLogic 9.x和10.x的,如果要在WebLogic 8中使用,你需要把“saltFilePath=os.path.join(‘security’, ‘SerializedSystemIni.dat’)”这行中的’security’改为’.'即可;
c. 确保你要解密的boot.properties是在域目录中,如weblogic 9/10的话你可以从servers<AdminServer>security下拷贝。
实际上,高人很多阿,有人写了一个Java程序,来解密包括boot.properties和xml配置文件中的密码(如config.xml及jdbc设置的xml文件),我就把其源码给贴出来分享了:
![北京联动北方科技有限公司]()
![北京联动北方科技有限公司]()
代码
import java.util.*;
import java.io.*;
import javax.xml.parsers.*;
import javax.xml.xpath.*;
import org.w3c.dom.*;
import weblogic.security.internal.*;// requires weblogic.jar in the class path
import weblogic.security.internal.encryption.*;
public class WebLogicDecryptor {
private static final String PREFIX= "{3DES}";
private static final String XPATH_EXPRESSION
= "//node()[starts-with(text(), '" + PREFIX+ "')] | //@*[starts-with(., '" + PREFIX+ "')]";
private static ClearOrEncryptedService ces;
public static void main(String[] args)throws Exception {
if (args.length< 2) {
System.out.println("Usage: [domainDir] [configFile]");
return;
}
ces= new ClearOrEncryptedService(SerializedSystemIni.getEncryptionService(new File(args[0]).getAbsolutePath()));
File file= new File(args[1]);
if (file.getName().endsWith(".xml")) {
processXml(file);
}
else if (file.getName().endsWith(".properties")){
processProperties(file);
}
}
private static void processXml(File file)throws Exception {
Document doc= DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file);
XPathExpression expr= XPathFactory.newInstance().newXPath().compile(XPATH_EXPRESSION);
NodeList nodes= (NodeList)expr.evaluate(doc, XPathConstants.NODESET);
for (int i= 0; i< nodes.getLength(); i++) {
Node node= nodes.item(i);
print(node.getNodeName(), node.getTextContent());
}
}
private static void processProperties(File file)throws Exception {
Properties properties= new Properties();
properties.load(new FileInputStream(file));
for (Map.Entry p : properties.entrySet()) {
if (p.getValue().toString().startsWith(PREFIX)) {
print(p.getKey(), p.getValue());
}
}
}
private static void print(Object attributeName, Object encrypted) {
System.out.println("Node name:" + attributeName);
System.out.println("Encrypted:" + encrypted);
System.out.println("Decrypted:" + ces.decrypt((String)encrypted)+ "n");
}
}
这段代码,原则上对WebLogic 8/9/10都可以使用,单因为目录结构稍有不同,可以根据实际需要调整。原链接是 http://gustlik.wordpress.com/2008/08/06/decryption-of-configuration-passwords-in-weblogic/
该贴被songjian编辑于2012-11-12 9:58:16
当前位置:
论坛首页 »
自由讨论区 »
Tomcat, WebLogic及J2EE讨论区
»
发起投票
技术讨论
加好友
发消息
2012-11-12 9:56:55 |
赞(
操作
