Enable Secret 5 problem ?

Unanswered Question
Jun 24th, 2009
User Badges:

I added this command "enable secret 5 testing" in the cisco switch.I save it (write mem) and restart the switch,the switch prompt me the password when i want to go in to the enable mode. I tried "testing" as the password, but switch reply wrong password. SO, my question here is what password should i use to get into the switch enable mode ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sam-lee Wed, 06/24/2009 - 09:09
User Badges:


Thanks for your reply! I tried "5 testing" but still failed. FYI, I am able to enter this command "enable secret 5 testing" without any error.

davy.timmermans Wed, 06/24/2009 - 11:56
User Badges:
  • Silver, 250 points or more

enable secret 5 testing

> means that an enable password has been configured. The hashed form of the password is testing.

it should work if you do enable secret testing.

the result in show run will be

enable secret 5 dsfdsfxcxwdsf


as Andrew confirmed before

sam-lee Wed, 06/24/2009 - 15:51
User Badges:

Hi Davy,


So what is the password in clear text for the hashed form password of "testing"?


sam-lee Wed, 06/24/2009 - 15:47
User Badges:

Hi Andrew,

My IOS version is "c3560-ipbase-mz.122-35.SE5".

I understood that the next string after the 5 is password but in encrypted format.

So, what is the password in clear text that i can use for my switch now ?


Edison Ortiz Wed, 06/24/2009 - 13:39
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member


You've configured a secret key for level 5.

If you want to access the device with the password 'testing', you must type enable 5 and the CLI and when prompted for password, enter testing




sam-lee Wed, 06/24/2009 - 15:54
User Badges:

Hi ediortiz,

How to type the enable 5 in the switch?

I tried to type enable 5 but it prompt me this "% Invalid input detected at '^' marker."


jason.chilton Wed, 06/24/2009 - 16:06
User Badges:

When you entered the command "enable secret 5 testing", you set the password to whatever the cleartext is that hashes to "testing".

You will not be able to reverse engineer what the cleartext password will be, so your only option is to set a new enable secret, such as "enable secret testing".

sam-lee Wed, 06/24/2009 - 19:34
User Badges:

Hi Jason,

It is hashed to testing.

The problem now is i not able to go in the switch to set a new enable secret, so the only way for it is to perform the password recovery for the switch.

Is there any possibility to go in the switch without perform the password recovery?


davy.timmermans Wed, 06/24/2009 - 22:47
User Badges:
  • Silver, 250 points or more

I'm affraid you've to do password recovery.

2 possibilities:

when booted:

press on mode button for 10seconds

>device will reboot

>config.text will be renamed to config.text.renamed

once booted up


Switch#copy config.text.renamed run

Original#conf t

Original(conf)#enable secret testing


Original#sh run | i enable

enable secret 5 sfsdgergett



reboot, and during booting press on the mode button.

you'll come into rommon mode


rommon>rename flash:config.text flash:config.old


when booted up you do the same as above

copy config.old run


reverse engineering of a hashed password is as far I know not possible.

It's possible for a level 7 password but not for a level 5

you have a level 7 if you do

enable password testing

service password-encryption

level 7 is a weak algorithm and is only used for masking a password so that others won't see the password


This Discussion