破解weblogic boot.properties的密码

1 运行脚本加载环境变量
[root@localhost dao]# . /bea/wlserver_10.3/server/bin/setWLSEnv.sh 
CLASSPATH=/bea/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/bea/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/java6/lib/tools.jar:/bea/wlserver_10.3/server/lib/weblogic_sp.jar:/bea/wlserver_10.3/server/lib/weblogic.jar:/bea/modules/features/weblogic.server.modules_10.3.5.0.jar:/bea/wlserver_10.3/server/lib/webservices.jar:/bea/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/bea/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:


PATH=/bea/wlserver_10.3/server/bin:/bea/modules/org.apache.ant_1.7.1/bin:/java6/jre/bin:/java6/bin:/java6/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin


Your environment has been set.
2  随便创建一个文件夹
mdir /root/dao


3 编写破解程序
[root@localhost dao]# vi Decrypt.java 


import weblogic.security.internal.*;
import weblogic.security.internal.encryption.*;


import java.io.PrintStream;




public class Decrypt {
    static EncryptionService es = null;
    static ClearOrEncryptedService ces = null;


    public static void main(String[] args) {
        String s = null;


        if (args.length == 0) {
            s = ServerAuthenticate.promptValue("Password: ", false);
        } else if (args.length == 1) {
            s = args[0];
        } else {
            System.err.println("Usage: java Decrypt [ password ]");
        }


        es = SerializedSystemIni.getExistingEncryptionService();


        if (es == null) {
            System.err.println("Unable to initialize encryption service");


            return;
        }


        ces = new ClearOrEncryptedService(es);


        if (s != null) {
            System.out.println("\nDecrypted Password is:" + ces.decrypt(s));
        }
    }
}
"Decrypt.java" 36L, 926C written


4 编译破译程序
[root@localhost dao]# javac Decrypt.java 


5 找到并打开之前的boot.properties文件
[root@localhost security]# pwd
/bea/user_projects/domains/dao_domain/servers/AdminServer/security
[root@localhost security]# cat boot.properties 
#Sat Oct 25 16:38:26 CST 2014
password={AES}SpPRq9UhXCWaErKCSOdM+bh0BmgsU6HvEVvrPXUXhds\=
username={AES}oxOi8NphVlB9ndOoInQcTu27PM/P+s3doyMcBZGqtWk\=


6 运行java 破解boot.properties的内容
[root@localhost dao]# java Decrypt {AES}oxOi8NphVlB9ndOoInQcTu27PM/P+s3doyMcBZGqtWk\=


Decrypted Password is:weblogic


[root@localhost dao]# java Decrypt {AES}SpPRq9UhXCWaErKCSOdM+bh0BmgsU6HvEVvrPXUXhds\=


Decrypted Password is:weblogic1