Archive

Archive for December, 2008

Websphere Password Decoding

December 16, 2008 Leave a comment

Passwords stored in Websphere Server configuration files actually could be decoded
http://robertmaldon.blogspot.com/2006/07/recovering-passwords-from-websphere.html

for the Websphere ESB 6.1 that runs on top of WAS 6.1.17 the actual comand is:
\IBM\WebSphere\ESB\deploytool\itp\plugins\com.ibm.websphere.v61_6.1.200>\IBM\WebSphere\ESB\java\bin\java -cp ws_runtime.jar com.ibm.ws.security.util.PasswordDecoder {xor}booqL2sSOm0=encoded password == “{xor}bWcqL2sSOm0=”, decoded password == “hello”

And a very nice online password decoder
http://www.sysman.nl/wasdecoder/

Advertisements