Knowledge Base : How to hack an ODI supervisor password

Oracle Data Integrator (ODI) agents and Studio clients need a database connection to the ODI repository and a supervisor password to connect. In case this password ist lost, it can be engineered in clear-text from the hash stored locally.

Retrieve the SUPERVISOR password hash from FMW/Agent installation

[oracle@s-001-lin-t-db base_domain]$ pwd
/u01/Middleware/Oracle_Home/user_projects/domains/base_domain
[oracle@s-001-lin-t-db base_domain]$ grep AES config/fmwconfig/components/system-comp-config.xml
            <password-encrypted>{AES}v2O+vAVhVnmXXXXXXXXu6pdJTM1wTXs/+XVFyxBQGuQ=</password-encrypted>

Decrypt an ODI / Weblogic password hash

[oracle@s-001-lin-t-db ~]$ /u01/Middleware/Oracle_Home/oracle_common/common/bin/wlst.sh decrypt.py
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands
Provide Domain Home location: /u01/Middleware/Oracle_Home/user_projects/domains/base_domain Provide encrypted password or username (e.g.: {AES}jNdVLr...): {AES} v2O+vXXXXnmQ7TXXXTUu6pdXXX1wTXs/+XXXyxBQGuQ=
Make sure that nobody is staying behind you :-) Press ENTER to see the password ...
Value in cleartext is: secret

You need the script decrypt.py, which can be found at Dirk Nachbars site or here.

Encrypt an ODI / Weblogic password

[oracle@s-001-lin-t-db base_domain]$ java -cp /u01/Middleware/Oracle_Home/wlserver/server/lib/weblogic.jar weblogic.security.Encrypt secret
{AES} v2O+vXXXXnmQ7TXXXTUu6pdXXX1wTXs/+XXXyxBQGuQ=

See also: