Recover WEP, Admin, Guest account Password from WLC


Mon, 02/02/2015 - 21:55
Nov 4th, 2011
User Badges:
  • Cisco Employee,

Procedure to Recover WEP,Admin,Guest account Password from WLC

Step 1 :

1. (Cisco Controller) >show switchconfig
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled

(Cisco Controller) >config switchconfig secret-obfuscation disabled

 Secret (de-)obfuscation may take a few minutes.
Please wait...  Done!

(Cisco Controller) >config passwd-cleartext enable

The way you see your passwds will be changed
You are being warned.

Enter admin password: ***********
Enabling cleartext viewing of passwords

Step 2:

2. Download config from the WLC. Commands --> Upload configuration from
WLC to tftp server.

Step 3:

3. Open the file in notepad : 


config wlan security static-wep-key encryption 4 40 hex encrypt 0 0 0 128 313233343500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  1

40 = 40 bit key


config mgmtuser add encrypt admin1 0 0 0 8 436973636f31323300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write

Guest-Account :

config netuser add encrypt username guest-1 password 0 0 0 7 67756573742d310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  wlan 0 usertype guest lifetime 86400

Step 4:

4. Use this tool to convert to Ascii : ( Use red colour digits ..)

WEP : Key size = 40bit.
HEX :3132333435 
Ascii : 12345 ( using the tool )

ADMIN : Username : admin1
HEX : 436973636f313233
Ascii : Cisco123

Guest-Account: Username: guest-1
HEX: 67756573742d31 
Ascii : guest-1 
Colin Vallance Tue, 06/19/2012 - 12:43
User Badges:

Has anyone got this to work in 7.2 code (specifically on a 5508)?  I can't seem to get the hex values back out via the config after enabling and FTP-ing my configuration back out.  A `show run-config commands` does display all my user/passwords unencrypted properly (I'm really after some lost PSKs though).  Anyone get this working successfully?

Muhammad Hakim Mon, 02/02/2015 - 01:43
User Badges:

is there any reload with CLI commands??? in GUI yes it is.


because WLC in live production...




This Blog