Oracle WebLogic

WebLogic Container

A simple step-by-step guide on how to setup a local Oracle WebLogic Docker container, running version 12.2.1.3.

1. Create a account on container-registry.oracle.com

2. Login and navigate to Middleware, scroll to WebLogic and press "Continue" in the right most column to accept license terms. This is needed to be able to pull the docker image.

3. Container setup:

## Docker Login 
utv-kali :: ~/oracle » docker login container-registry.oracle.com/v2
Username: <email>
Password: <passwd>

Login Succeeded

## Pull Image
» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
12.2.1.3: Pulling from middleware/weblogic
d26998a7c52d: Pull complete 
3349196f13d3: Pull complete 
81b340c807d2: Pull complete 
4e6abae7336d: Pull complete 
584d596b12ad: Pull complete 
2680afbb8569: Pull complete 
Digest: sha256:2b65d3a3a13ae639d4e5d9455cda8489d471351581d91012e45d7217f90dc43e
Status: Downloaded newer image for container-registry.oracle.com/middleware/weblogic:12.2.1.3
container-registry.oracle.com/middleware/weblogic:12.2.1.3

## Create domain.properties file
» cat domain.properties
username=weblogic
password=Passw0rd!

## Start container
» docker run -d -p 7001:7001 -p 9002:9002 --name 12213-weblogic --hostname 12213-weblogic -v $PWD:/u01/oracle/properties container-registry.oracle.com/middleware/weblogic:12.2.1.3 
29d90d2fbcbf88710b0f6b72132e07c5b322997c4b6a4ab8b80f28b1603e854a

## Verify
» docker container ls -a              
CONTAINER ID   IMAGE                                                        COMMAND                  CREATED          STATUS                             PORTS                                                                                  NAMES
b500143187f3   container-registry.oracle.com/middleware/weblogic:12.2.1.3   "/u01/oracle/createA…"   17 seconds ago   Up 15 seconds (health: starting)   0.0.0.0:7001->7001/tcp, :::7001->7001/tcp, 0.0.0.0:9002->9002/tcp, :::9002->9002/tcp   12213-weblogic

» docker container logs 12213-weblogic
Domain Home is:  /u01/oracle/user_projects/domains/base_domain
Create Domain

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

domain_name                 : [base_domain]
admin_listen_port           : [7001]
domain_path                 : [/u01/oracle/user_projects/domains/base_domain]
production_mode             : [prod]
admin name                  : [AdminServer]
administration_port_enabled : [true]
administration_port         : [9002]

1. With the server up and running you should be able to reach the login interface on: https://127.0.0.1:9002/console/login/LoginForm.jsp

---

Adding Vulnerabilities

The images from Oracle's repo are (un)fortunatley patched for CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729, both wls-wsat.war and wls9_async_response.war has been removed. Lucky for us Vulnhub have a few vulnerable WebLogic containers and in their version 10.3.6.0-2017 I was able to extract wls-wsat.war.

wls-wsat can be downloaded here.

Upload new service

Deploy the vulnerable component by pressing Lock & Edit in the WebLogic Console.

Deployments > Install > Upload your file(s) > Deployment Archive: Browse > Next > Next > Finish

Complete the configuration change by pressing Activate Changes in the WebLogic Console.

Start service

Deployments > Control > Mark service > Start

Once your service is in Active State, browse: http://127.0.0.1:7001/wls-wsat/CoordinatorPortType

---

Troubleshooting

Pull Access Denied

If you get "Pull access denied" when trying to pull the image from container-registry.oracle.com there is probably one of two issues.

» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
Error response from daemon: pull access denied for container-registry.oracle.com/middleware/weblogic, repository does not exist or may require 'docker login': denied: requested access to the resource is denie

1. You've not logged in, run docker login container-registry.oracle.com

2. You've not accepted the license terms on https://container-registry.oracle.com.

Out of Memory (core dumped)

You're unable to build the container and get the memory error below.

» docker container logs 12213-weblogic
...
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/common/bin/wlst_internal.sh: line 18:    76 Aborted                 (core dumped) "${JAVA_HOME}/bin/java" -DORACLE_HOME='/u01/oracle/oracle_common' -Djava.security.egd=file:/dev/./urandom weblogic.WLST "$@"

The solution can be found here, in short either..

1. Specify ulimit in thedocker run command like so:

» docker run -d -p 7001:7001 -p 9002:9002 --name 12213-weblogic --hostname 12213-weblogic --ulimit nofile=1024:65536 -v $PWD:/u01/oracle/properties container-registry.oracle.com/middleware/weblogic:12.2.1.3

1. Edit /usr/lib/systemd/system/docker.service and add ulimit to ExecStart:

» cat /usr/lib/systemd/system/docker.service
...
ExecStart=/usr/sbin/dockerd --default-ulimit nofile=65536:65536 -H fd:// --containerd=/run/containerd/containerd.sock

## Restart services to apply configuration change
» sudo systemctl daemon-reload
» sudo systemctl restart docker.service