Quickest way to decrypt passwords in Oracle WebLogic Server 12c
There are lots of scripts online that show you how to decrypt WebLogic passwords. Some work on different versions of the product but not others. Here's the simplest, most straightforward approach to decrypting passwords in Oracle WebLogic Server 12c.
This has been tested on Oracle WebLogic Server 12.1.3 and 12.2.1.
Location of AES Encrypted Passwords
Passwords are mainly located in configuration files here:
$DOMAIN_HOME/config/config.xml
$DOMAIN_HOME/config/jdbc/*.xml
Decrypt WebLogic Passwords
1. Get the password you would like to decrypt (in AES format). For example:
cd /u01/app/oracle/middleware/user_projects/domains/wl_domain/config
cat config.xml | grep AES
2. Run WLST:
cd /u01/app/oracle/middleware/oracle_common/common/bin
./wlst.sh
3. Set the domain and decrypt the password:
domain = "/u01/app/oracle/middleware/user_projects/domains/wl_domain"
service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
print encryption.decrypt("{AES}nFIptO4HdY8fxSgLjrS8ZNqsVlcB2zQZzYJQ9o7AbJU=")
Enter the domain name, and paste the entire {AES} password as shown.
Example