cisco steps Mon, 07/27/2009 - 13:17
User Badges:

thanks I do know that . need someting that can help w/ remote


Lucien Avramov Mon, 07/27/2009 - 21:17
User Badges:
  • Red, 2250 points or more

A couple of possible things:

1. For how to copy the configuration:

-the router had tftp server enabled, and the config was copied from tftp

-ip rcmd was enabled on the router, and via rsh the show run was taken, providing that password was known

-http server was enabled and the login / password was different than the router password, if for example router is using AAA server for login and http is using a local login/password.

-Via SNMP, with the CISCO-CONFIG-COPY-MIB, snmpset commands were initiated to the router to upload the configuration to an ftp server.

-Old IOS was using the ftp server functionality:

There may be other ways, not that I know of.

2. Once the configuration was retrieved, the MD5 hash was decoded. You should use the command service password-encryption to prevent this to happen.

Provided the platform and version I may be able to help further.

cisco steps Tue, 07/28/2009 - 05:19
User Badges:


how do you copy the config from tftp server on the router. I think that is the metod that he used...i will do some reading about ip rcmd and the http server.

via SNMP ? does this work and done.

who ever said " you learn from your mistakes" is right , I would not feel Bad...

Thanks Lucien

Lucien Avramov Tue, 07/28/2009 - 08:32
User Badges:
  • Red, 2250 points or more

For the tftp part, that is a little tricky, the way I know how to do it is: login another router and issue the command copy tftp: flash:, then indicate the router you lost the password as the tftp server. You need to know what is the filename defined on the router for the config, and that is not something you can actually guess easily if you have not configured it yourself.

For the snmp part, you need to know the RW community string. In the link posted, the example is using private, if snmp was configured on this router, it may have a different community string as it's defined by the user.

If you find an old configuration archived somewhere, that will help you a lot.


This Discussion