07-27-2009 12:12 PM - edited 03-04-2019 05:34 AM
I deleted a sheet of passwords for my Cisco router. Now no access. The routers are remote. Can anyone help or suggest something? I am not in a good position now.
07-27-2009 01:39 PM
The only thing you'll be able to do is console in and do a password recovery on them if you don't remember the passwords. Physical access is the only option now.
HTH,
John
07-27-2009 03:10 PM
John,
One of my senior techs was able to get the config from the router. He said that since there is FTP enabled on one of the routers, he was able to get the config from there, then use
http://www.ifm.net.nz/cookbooks/passwordcracker.html
to crack the password.
Do you know what exactly was done?
Thanks
07-27-2009 04:34 PM
As it explains in the URL, the type 7 enable password can be decrypted easily with a readily available password cracking utility. I guess it was fortunate for you that you were not using the enable secret password, since it cannot be decrypted in the same manner.
07-28-2009 05:09 AM
The question is how he got the FTP server to get the config from the router, not how the password is decrypted. I think everyone that is working w/ Cisco knows that type 7 can be decrypted. Thanks for your input.
07-28-2009 05:26 AM
Ocporburst,
If I understand your question, you can have an ftp server enabled on some IOS versions. I don't have any versions on my network that support it, but it can be configured with "ftp-server enable." Then you share the top directory to share through ftp.
Here's some documentation:
http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/ftpserve.html
I have to tell you that I would see this as a major security risk. It may have helped you in this instance, but should this router ever get compromised, the same thing that helped could wreak major havoc on your network. I would recommend disabling the ftp service.
HTH,
John
07-28-2009 05:34 AM
John
Thanks a lot for your explanation. There is a RADIUS configured as well as a firewall before you can access the network router, so we got that part covered, "I think". As always, thanks for taking the time to help out.
07-28-2009 05:41 AM
Hi,
just some general ideas:
1) ad the deleted sheet:
no file backup or older version, printed version in a deposit, or file recovery procedure available?
2) no router config copy saved?
Passwords are usually not changed frequently.
3) It might be possible to get the config from the router via SNMP - I never made it personally but remember some documents on CCO.
Isn't there SNMP access available to the router?
4) Last chance is password recovery with physical access to the router console.
BR,
Milan
07-28-2009 07:59 AM
Can anyone help?
I did find this link. I tried to follow the steps but no luck.
Can you help?
Thanks
07-28-2009 08:02 AM
Ocporbust,
You won't be able to write the snmp value unless you have RW enabled on the router. If you have the config file, look at your "snmp-server
snmp-server community public RO
snmp-server community private RW
If you don't have one that has the RW after it, you won't be able to write your snmp string to change the password.
I thought the password has been changed, or at least figured out from the ftp transfer and decryption?
HTH,
John
07-28-2009 08:21 AM
John- here is what I have as far as snmp community..
snmp-server community homeboy RO 99
snmp-server community homenut RW 99
snmp-server ifindex dogfight
snmp-server enable traps tty
07-28-2009 08:24 AM
ocporbust,
The "99" at the end of this line is an acl. Do you know if this acl allows the host/subnet that you're coming from to write to the router? I can set a lab up and see if I can change a password if your acl clearly shows that you have access to write to it.
HTH,
John
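The three settings discussed in this thread (type 7 passwords, "ftp-server enable", and RW SNMP communities with or without an ACL) can be checked in a saved config file. This is an added example, not part of any post in the thread; the sample config, its placeholder values, and the rule names are constructed for illustration.

```python
import re

# Constructed sample config for illustration; all values are placeholders.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable password 7 PLACEHOLDER
username ops secret 5 PLACEHOLDER
ftp-server enable
snmp-server community example-ro RO 99
snmp-server community example-rw RW 99
snmp-server community example-open RW
access-list 99 permit 192.0.2.10
line vty 0 4
 password 7 PLACEHOLDER
"""

TYPE7 = re.compile(r"^(enable password|username \S+ password|password) 7 \S+")
SNMP = re.compile(r"^snmp-server community \S+ (RO|RW)(?: (\S+))?$")
ACL = re.compile(r"^(?:access-list|ip access-list standard) (\S+)", re.M)


def audit(config: str) -> list[tuple[int, str, str]]:
    """Return (line number, rule id, advice) for each risky line."""
    defined_acls = set(ACL.findall(config))
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if TYPE7.match(line):
            findings.append((lineno, "type7-password",
                             "reversible encoding, not a hash"))
        elif line == "ftp-server enable":
            findings.append((lineno, "ftp-server",
                             "router serves files over FTP; disable it"))
        elif (m := SNMP.match(line)) and m.group(1) == "RW":
            acl = m.group(2)  # community name is never echoed in findings
            if acl is None:
                findings.append((lineno, "snmp-rw-no-acl",
                                 "write community with no ACL"))
            elif acl not in defined_acls:
                findings.append((lineno, "snmp-rw-acl-missing",
                                 f"ACL {acl} is not defined in this config"))
            else:
                findings.append((lineno, "snmp-rw",
                                 f"write community; review ACL {acl}"))
    return findings


if __name__ == "__main__":
    for lineno, rule, advice in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {advice}")
```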
07-28-2009 08:32 AM
yes I can write to the router and do config change if I want to. Hope this helps
Thanks
07-29-2009 12:31 AM
Hi,
Wouldn't it be easier to undelete/repair your deleted password sheet file?
BR,
Milan
07-29-2009 04:08 PM
Did not understand your question.
I deleted the file from my PC. What is your question or suggestion?