Recover WEP, Admin, Guest account Password from WLC

Blog

Nov 4, 2011 1:28 PM
Nov 4th, 2011

Procedure to Recover WEP,Admin,Guest account Password from WLC

Step 1 :

1. (Cisco Controller) >show switchconfig
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled

(Cisco Controller) >config switchconfig secret-obfuscation disabled

 Secret (de-)obfuscation may take a few minutes.
Please wait...  Done!

(Cisco Controller) >config passwd-cleartext enable

The way you see your passwds will be changed
You are being warned.

Enter admin password: ***********
Enabling cleartext viewing of passwords

Step 2:

2. Download config from the WLC. Commands --> Upload configuration from
WLC to tftp server.

Step 3:

3. Open the file in notepad : 

WEP :

config wlan security static-wep-key encryption 4 40 hex encrypt 0 0 0 128 313233343500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  1

40 = 40 bit key

ADMIN :

config mgmtuser add encrypt admin1 0 0 0 8 436973636f31323300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write

Guest-Account :

config netuser add encrypt username guest-1 password 0 0 0 7 67756573742d310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  wlan 0 usertype guest lifetime 86400

Step 4:

4. Use this tool to convert to Ascii : ( Use red colour digits ..)
http://www.dolcevie.com/js/converter.html

WEP : Key size = 40bit.
HEX :3132333435 
Ascii : 12345 ( using the tool )



ADMIN : Username : admin1
HEX : 436973636f313233
Ascii : Cisco123

Guest-Account: Username: guest-1
HEX: 67756573742d31 
Ascii : guest-1 
Average Rating: 5 (3 ratings)

Comments

crvallance Tue, 06/19/2012 - 12:43

Has anyone got this to work in 7.2 code (specifically 7.2.110.0 on a 5508)?  I can't seem to get the hex values back out via the config after enabling and FTP-ing my configuration back out.  A `show run-config commands` does display all my user/passwords unencrypted properly (I'm really after some lost PSKs though).  Anyone get this working successfully?

Actions

Login or Register to take actions

This Blog

Posted November 4, 2011 at 1:28 PM
Stats:
Comments:3 Avg. Rating:5
Views:12021   
Shares:2

Related Content

Blogs Leaderboard