Enable Secret 5 problem ?

Unanswered Question
Jun 24th, 2009
User Badges:

I added this command "enable secret 5 testing" in the cisco switch.I save it (write mem) and restart the switch,the switch prompt me the password when i want to go in to the enable mode. I tried "testing" as the password, but switch reply wrong password. SO, my question here is what password should i use to get into the switch enable mode ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sam-lee Wed, 06/24/2009 - 09:09
User Badges:

Hi,


Thanks for your reply! I tried "5 testing" but still failed. FYI, I am able to enter this command "enable secret 5 testing" without any error.



davy.timmermans Wed, 06/24/2009 - 11:56
User Badges:
  • Silver, 250 points or more

enable secret 5 testing


> means that an enable password has been configured. The hashed form of the password is testing.


it should work if you do enable secret testing.


the result in show run will be


enable secret 5 dsfdsfxcxwdsf



update:

as Andrew confirmed before

sam-lee Wed, 06/24/2009 - 15:51
User Badges:

Hi Davy,


Understood.


So what is the password in clear text for the hashed form password of "testing"?


Thanks

sam-lee Wed, 06/24/2009 - 15:47
User Badges:

Hi Andrew,


My IOS version is "c3560-ipbase-mz.122-35.SE5".


I understood that the next string after the 5 is password but in encrypted format.


So, what is the password in clear text that i can use for my switch now ?


Thanks

Edison Ortiz Wed, 06/24/2009 - 13:39
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Sam,


You've configured a secret key for level 5.


If you want to access the device with the password 'testing', you must type enable 5 and the CLI and when prompted for password, enter testing


HTH,


__


Edison.

sam-lee Wed, 06/24/2009 - 15:54
User Badges:

Hi ediortiz,


How to type the enable 5 in the switch?


I tried to type enable 5 but it prompt me this "% Invalid input detected at '^' marker."


Thanks

jason.chilton Wed, 06/24/2009 - 16:06
User Badges:

When you entered the command "enable secret 5 testing", you set the password to whatever the cleartext is that hashes to "testing".


You will not be able to reverse engineer what the cleartext password will be, so your only option is to set a new enable secret, such as "enable secret testing".

sam-lee Wed, 06/24/2009 - 19:34
User Badges:

Hi Jason,


It is hashed to testing.


The problem now is i not able to go in the switch to set a new enable secret, so the only way for it is to perform the password recovery for the switch.


Is there any possibility to go in the switch without perform the password recovery?


Thanks

davy.timmermans Wed, 06/24/2009 - 22:47
User Badges:
  • Silver, 250 points or more

I'm affraid you've to do password recovery.


2 possibilities:


when booted:


press on mode button for 10seconds


>device will reboot

>config.text will be renamed to config.text.renamed


once booted up

Switch>enable

Switch#copy config.text.renamed run

Original#conf t

Original(conf)#enable secret testing

Original(conf)#end

Original#sh run | i enable


enable secret 5 sfsdgergett


Original#wr



or


reboot, and during booting press on the mode button.

you'll come into rommon mode


rommon>flash_init

rommon>rename flash:config.text flash:config.old

rommon>reset


when booted up you do the same as above


copy config.old run

....


reverse engineering of a hashed password is as far I know not possible.


It's possible for a level 7 password but not for a level 5


you have a level 7 if you do


enable password testing

service password-encryption


level 7 is a weak algorithm and is only used for masking a password so that others won't see the password


Actions

This Discussion