Enable Secret 5 problem ?

Unanswered Question
Jun 24th, 2009

I added this command "enable secret 5 testing" in the cisco switch.I save it (write mem) and restart the switch,the switch prompt me the password when i want to go in to the enable mode. I tried "testing" as the password, but switch reply wrong password. SO, my question here is what password should i use to get into the switch enable mode ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sam-lee Wed, 06/24/2009 - 09:09

Hi,

Thanks for your reply! I tried "5 testing" but still failed. FYI, I am able to enter this command "enable secret 5 testing" without any error.

davy.timmermans Wed, 06/24/2009 - 11:56

enable secret 5 testing

> means that an enable password has been configured. The hashed form of the password is testing.

it should work if you do enable secret testing.

the result in show run will be

enable secret 5 dsfdsfxcxwdsf

update:

as Andrew confirmed before

sam-lee Wed, 06/24/2009 - 15:51

Hi Davy,

Understood.

So what is the password in clear text for the hashed form password of "testing"?

Thanks

sam-lee Wed, 06/24/2009 - 15:47

Hi Andrew,

My IOS version is "c3560-ipbase-mz.122-35.SE5".

I understood that the next string after the 5 is password but in encrypted format.

So, what is the password in clear text that i can use for my switch now ?

Thanks

Edison Ortiz Wed, 06/24/2009 - 13:39

Sam,

You've configured a secret key for level 5.

If you want to access the device with the password 'testing', you must type enable 5 and the CLI and when prompted for password, enter testing

HTH,

__

Edison.

sam-lee Wed, 06/24/2009 - 15:54

Hi ediortiz,

How to type the enable 5 in the switch?

I tried to type enable 5 but it prompt me this "% Invalid input detected at '^' marker."

Thanks

jason.chilton Wed, 06/24/2009 - 16:06

When you entered the command "enable secret 5 testing", you set the password to whatever the cleartext is that hashes to "testing".

You will not be able to reverse engineer what the cleartext password will be, so your only option is to set a new enable secret, such as "enable secret testing".

sam-lee Wed, 06/24/2009 - 19:34

Hi Jason,

It is hashed to testing.

The problem now is i not able to go in the switch to set a new enable secret, so the only way for it is to perform the password recovery for the switch.

Is there any possibility to go in the switch without perform the password recovery?

Thanks

davy.timmermans Wed, 06/24/2009 - 22:47

I'm affraid you've to do password recovery.

2 possibilities:

when booted:

press on mode button for 10seconds

>device will reboot

>config.text will be renamed to config.text.renamed

once booted up

Switch>enable

Switch#copy config.text.renamed run

Original#conf t

Original(conf)#enable secret testing

Original(conf)#end

Original#sh run | i enable

enable secret 5 sfsdgergett

Original#wr

or

reboot, and during booting press on the mode button.

you'll come into rommon mode

rommon>flash_init

rommon>rename flash:config.text flash:config.old

rommon>reset

when booted up you do the same as above

copy config.old run

....

reverse engineering of a hashed password is as far I know not possible.

It's possible for a level 7 password but not for a level 5

you have a level 7 if you do

enable password testing

service password-encryption

level 7 is a weak algorithm and is only used for masking a password so that others won't see the password

Actions

This Discussion