Friday, November 20, 2015

Encode and Decode WebSphere passwords with PowerShell

Sometimes you need to give WebSphere passwords. Maybe it's for database connections, or to open truststores or keystores etc. It's no secret where WebSphere keeps these passwords, nor is it a secret how WebSphere encodes the passwords prior to storage. It's simple XOR encoding. Lots of folks have posted functions to encode/decode this data, and there are forms online where you can do the conversion in your browser.  I've just never seen one in PowerShell, so here ya go. Why would you need this? No idea. I guess it's always nice to see how things work...so there's that. Code is below.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
function Unprotect-WebSpherePassword {
################################################################
#.Synopsis
# Decodes the provided encoded password from a WebSphere 
# configuration or properties file, returning the plain text
# password. The encoded password may be provided with or
# without the leading {xor} string.
#.Parameter String
# Encoded password
#.Example
# Unprotect-WebSpherePassword "{xor}LDo8LTor"
# secret
################################################################
[CmdletBinding()] Param (
 [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [string]$encodedPassword
)
 $encodedPassword = $encodedPassword.Replace("{xor}","")
 [byte[]]$bytes = [Convert]::FromBase64String($encodedPassword)
 for ($i=0;$i -lt $bytes.Length;$i++)
 {
  $bytes[$i] = $bytes[$i] -bxor 0x5F
 }
 [string]$decoded = [System.Text.Encoding]::ASCII.GetString($bytes)
 return $decoded
}

function Protect-WebSpherePassword {
################################################################
#.Synopsis
# Encodes the provided plain text password to a WebSphere 
# encoded password suitable for inclusion in configuration
# or properties files. The encoded password will include the 
# required {xor} prefix.
#.Parameter String
# Plaintext password
#.Example
# Protect-WebSpherePassword secret
# "{xor}LDo8LTor"
################################################################
[CmdletBinding()] Param (
 [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [string]$plainPassword
)
 [byte[]]$bytes = [System.Text.Encoding]::ASCII.GetBytes($plainPassword)
 for ($i=0;$i -lt $bytes.Length;$i++)
 {
  $bytes[$i] = $bytes[$i] -bxor 0x5F
 }
 [string]$encoded = [Convert]::ToBase64String($bytes)
 $encoded = "{xor}" + $encoded
 return $encoded
}

No comments:

Post a Comment