A simple step-by-step guide on how to setup a local Oracle WebLogic Docker container, running version 12.2.1.3.
Create a account on container-registry.oracle.com
Login and navigate to Middleware, scroll to WebLogic and press "Continue" in the right most column to accept license terms. This is needed to be able to pull the docker image.
Container setup:
## Docker Login
utv-kali :: ~/oracle » docker login container-registry.oracle.com/v2
Username: <email>
Password: <passwd>
Login Succeeded
## Pull Image
» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
12.2.1.3: Pulling from middleware/weblogic
d26998a7c52d: Pull complete
3349196f13d3: Pull complete
81b340c807d2: Pull complete
4e6abae7336d: Pull complete
584d596b12ad: Pull complete
2680afbb8569: Pull complete
Digest: sha256:2b65d3a3a13ae639d4e5d9455cda8489d471351581d91012e45d7217f90dc43e
Status: Downloaded newer image for container-registry.oracle.com/middleware/weblogic:12.2.1.3
container-registry.oracle.com/middleware/weblogic:12.2.1.3
## Create domain.properties file
» cat domain.properties
username=weblogic
password=Passw0rd!
## Start container
» docker run -d -p 7001:7001 -p 9002:9002 --name 12213-weblogic --hostname 12213-weblogic -v $PWD:/u01/oracle/properties container-registry.oracle.com/middleware/weblogic:12.2.1.3
29d90d2fbcbf88710b0f6b72132e07c5b322997c4b6a4ab8b80f28b1603e854a
## Verify
» docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b500143187f3 container-registry.oracle.com/middleware/weblogic:12.2.1.3 "/u01/oracle/createA…" 17 seconds ago Up 15 seconds (health: starting) 0.0.0.0:7001->7001/tcp, :::7001->7001/tcp, 0.0.0.0:9002->9002/tcp, :::9002->9002/tcp 12213-weblogic
» docker container logs 12213-weblogic
Domain Home is: /u01/oracle/user_projects/domains/base_domain
Create Domain
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
domain_name : [base_domain]
admin_listen_port : [7001]
domain_path : [/u01/oracle/user_projects/domains/base_domain]
production_mode : [prod]
admin name : [AdminServer]
administration_port_enabled : [true]
administration_port : [9002]
With the server up and running you should be able to reach the login interface on: https://127.0.0.1:9002/console/login/LoginForm.jsp
Adding Vulnerabilities
The images from Oracle's repo are (un)fortunatley patched for CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729, both wls-wsat.war and wls9_async_response.war has been removed. Lucky for us Vulnhub have a few vulnerable WebLogic containers and in their version 10.3.6.0-2017 I was able to extract wls-wsat.war.
Deploy the vulnerable component by pressing Lock & Edit in the WebLogic Console.
Deployments > Install > Upload your file(s) > Deployment Archive: Browse > Next > Next > Finish
Complete the configuration change by pressing Activate Changes in the WebLogic Console.
Start service
Deployments > Control > Mark service > Start
Once your service is in Active State, browse: http://127.0.0.1:7001/wls-wsat/CoordinatorPortType
Troubleshooting
Pull Access Denied
If you get "Pull access denied" when trying to pull the image from container-registry.oracle.com there is probably one of two issues.
» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
Error response from daemon: pull access denied for container-registry.oracle.com/middleware/weblogic, repository does not exist or may require 'docker login': denied: requested access to the resource is denie
You've not logged in, run docker login container-registry.oracle.com
You've not accepted the license terms on https://container-registry.oracle.com.
Out of Memory (core dumped)
You're unable to build the container and get the memory error below.
» docker container logs 12213-weblogic
...
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/common/bin/wlst_internal.sh: line 18: 76 Aborted (core dumped) "${JAVA_HOME}/bin/java" -DORACLE_HOME='/u01/oracle/oracle_common' -Djava.security.egd=file:/dev/./urandom weblogic.WLST "$@"