# WebLogic

## WebLogic Container

A simple step-by-step guide on how to set up a local Oracle WebLogic Docker container running version 12.2.1.3.

1. Create an account on container-registry.oracle.com
2. Log in and navigate to *Middleware*, scroll to *WebLogic* and press "Continue" in the rightmost column to accept the license terms. This is required to pull the Docker image.
3. Container setup:

```sh
## Docker Login 
utv-kali :: ~/oracle » docker login container-registry.oracle.com/v2
Username: <email>
Password: <passwd>

Login Succeeded

## Pull Image
» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
12.2.1.3: Pulling from middleware/weblogic
d26998a7c52d: Pull complete 
3349196f13d3: Pull complete 
81b340c807d2: Pull complete 
4e6abae7336d: Pull complete 
584d596b12ad: Pull complete 
2680afbb8569: Pull complete 
Digest: sha256:2b65d3a3a13ae639d4e5d9455cda8489d471351581d91012e45d7217f90dc43e
Status: Downloaded newer image for container-registry.oracle.com/middleware/weblogic:12.2.1.3
container-registry.oracle.com/middleware/weblogic:12.2.1.3

## Create domain.properties file
» cat domain.properties
username=weblogic
password=Passw0rd!

## Start container
» docker run -d -p 7001:7001 -p 9002:9002 --name 12213-weblogic --hostname 12213-weblogic -v $PWD:/u01/oracle/properties container-registry.oracle.com/middleware/weblogic:12.2.1.3 
29d90d2fbcbf88710b0f6b72132e07c5b322997c4b6a4ab8b80f28b1603e854a

## Verify
» docker container ls -a              
CONTAINER ID   IMAGE                                                        COMMAND                  CREATED          STATUS                             PORTS                                                                                  NAMES
b500143187f3   container-registry.oracle.com/middleware/weblogic:12.2.1.3   "/u01/oracle/createA…"   17 seconds ago   Up 15 seconds (health: starting)   0.0.0.0:7001->7001/tcp, :::7001->7001/tcp, 0.0.0.0:9002->9002/tcp, :::9002->9002/tcp   12213-weblogic

» docker container logs 12213-weblogic
Domain Home is:  /u01/oracle/user_projects/domains/base_domain
Create Domain

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

domain_name                 : [base_domain]
admin_listen_port           : [7001]
domain_path                 : [/u01/oracle/user_projects/domains/base_domain]
production_mode             : [prod]
admin name                  : [AdminServer]
administration_port_enabled : [true]
administration_port         : [9002]
```

4. With the server up and running you should be able to reach the login interface on: `https://127.0.0.1:9002/console/login/LoginForm.jsp`

<figure><img src="https://2314265932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLZ9hPT4FtAP57VrTApYv%2Fuploads%2FxXXNOs3yL9aOzol78qIg%2Fimage.png?alt=media&#x26;token=10f2571b-8b1e-4230-8d7e-d9ffbbd0c2b1" alt=""><figcaption></figcaption></figure>

***

## Adding Vulnerabilities

The images from Oracle's repo are (un)fortunately patched for CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729: both `wls-wsat.war` and `wls9_async_response.war` have been removed. Lucky for us, [Vulhub](https://hub.docker.com/r/vulhub/weblogic/tags) has a few vulnerable WebLogic containers, and in their version [10.3.6.0-2017](https://hub.docker.com/layers/vulhub/weblogic/10.3.6.0-2017/images/sha256-275ec19477cfda389dc1c42158033e7e8c650dd4cba9f090ca0ba673902b73c9?context=explore) I was able to extract `wls-wsat.war`.

<mark style="color:red;">**wls-wsat can be downloaded**</mark> [**here**](https://github.com/0xPThree/WebLogic)<mark style="color:red;">.</mark>

### Upload new service

Deploy the vulnerable component by pressing **Lock & Edit** in the WebLogic Console.

*Deployments > Install > Upload your file(s) > Deployment Archive: Browse > Next > Next > Finish*

Complete the configuration change by pressing **Activate Changes** in the WebLogic Console.

### Start service

*Deployments > Control > Mark service > Start*

Once your service is in Active State, browse: `http://127.0.0.1:7001/wls-wsat/CoordinatorPortType`

<figure><img src="https://2314265932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLZ9hPT4FtAP57VrTApYv%2Fuploads%2FNDXIned7et7sd5Vglqba%2Fimage.png?alt=media&#x26;token=55aac02a-4b74-4385-abee-2553dc7de2f5" alt=""><figcaption></figcaption></figure>
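The `docker run` command in this guide publishes 7001 and 9002 on every interface (the `0.0.0.0` and `::` entries in the `docker container ls` output), which matters once a known-vulnerable component is deployed. The following is an added example, not part of the original guide: it parses that PORTS column and reports mappings that are not bound to loopback. The function names and the loopback sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag published ports of a lab container that listen on all interfaces.

# wildcard_bindings PORTS_STRING
# Prints one mapping per line for every published port bound to a wildcard
# address (0.0.0.0, :: or [::]). Loopback bindings are not printed.
wildcard_bindings() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    while IFS= read -r mapping; do
        case "$mapping" in
            *'->'*) ;;          # published mapping, inspect it
            *) continue ;;      # exposed-only port such as "7001/tcp"
        esac
        host=${mapping%%->*}    # e.g. "0.0.0.0:7001" or ":::7001"
        addr=${host%:*}         # drop the trailing ":port"
        case "$addr" in
            0.0.0.0|::|'[::]') printf '%s\n' "$mapping" ;;
        esac
    done
}

# report LABEL PORTS_STRING
# Returns 1 when at least one wildcard binding exists, 0 otherwise.
report() {
    found=$(wildcard_bindings "$2")
    if [ -n "$found" ]; then
        printf '%s: reachable from other hosts:\n%s\n' "$1" "$found"
        return 1
    fi
    printf '%s: loopback only\n' "$1"
}

# PORTS value copied from the `docker container ls -a` output in this guide.
PAGE_PORTS='0.0.0.0:7001->7001/tcp, :::7001->7001/tcp, 0.0.0.0:9002->9002/tcp, :::9002->9002/tcp'
# Constructed sample: the same column when the container is started with
#   -p 127.0.0.1:7001:7001 -p 127.0.0.1:9002:9002
LOOPBACK_PORTS='127.0.0.1:7001->7001/tcp, 127.0.0.1:9002->9002/tcp'

report "as started in this guide" "$PAGE_PORTS" || true
report "with 127.0.0.1 bindings" "$LOOPBACK_PORTS"

# Against the running lab container:
#   report 12213-weblogic "$(docker container ls --filter name=12213-weblogic --format '{{.Ports}}')"
```
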

***

## Troubleshooting

### Pull Access Denied

If you get "Pull access denied" when trying to pull the image from `container-registry.oracle.com`, the cause is probably one of two issues.

```
» docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.3
Error response from daemon: pull access denied for container-registry.oracle.com/middleware/weblogic, repository does not exist or may require 'docker login': denied: requested access to the resource is denie
```

1. You've not logged in. Run `docker login container-registry.oracle.com`.
2. You've not accepted the license terms on `https://container-registry.oracle.com`.

### Out of Memory (core dumped)

You're unable to build the container and get the memory error below.

```sh
» docker container logs 12213-weblogic
...
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/common/bin/wlst_internal.sh: line 18:    76 Aborted                 (core dumped) "${JAVA_HOME}/bin/java" -DORACLE_HOME='/u01/oracle/oracle_common' -Djava.security.egd=file:/dev/./urandom weblogic.WLST "$@"
```

The solution can be found [here](https://github.com/oracle/docker-images/issues/2486); in short, either:

1. Specify `ulimit` in the `docker run` command like so:

```bash
» docker run -d -p 7001:7001 -p 9002:9002 --name 12213-weblogic --hostname 12213-weblogic --ulimit nofile=1024:65536 -v $PWD:/u01/oracle/properties container-registry.oracle.com/middleware/weblogic:12.2.1.3
```

2. Edit `/usr/lib/systemd/system/docker.service` and add `ulimit` to `ExecStart`:

```bash
» cat /usr/lib/systemd/system/docker.service
...
ExecStart=/usr/sbin/dockerd --default-ulimit nofile=65536:65536 -H fd:// --containerd=/run/containerd/containerd.sock

## Restart services to apply configuration change
» sudo systemctl daemon-reload
» sudo systemctl restart docker.service
```
