The only thing you'll be able to do is console in and do a password recovery on them if you don't remember the passwords. Physical access is the only option now.
one of my senior tech , was able to get the config form the router . he said that since there is an ftp enable on one of the router , he was able to get the config from there , then use
to crack the password
do you know what exactely was done ..
As it explains in the URL, the type 7 enable password can be decrypted easily with a readily available password cracking utility. I guess it was fortunate for you that you were not using the enable secret password, since it cannot be decrypted in the same manner.
the queston is how he got the ftp server to get the config from the router. not how password is decrypted. I think everyone that is working w/ cisco knows that type 7 can be decrypted , Thanks for your input.
If I understand your question, you can have an ftp server enabled on some IOS versions. I don't have any versions on my network that support it, but it can be configured with "ftp-server enable." Then you share the top directory to share through ftp.
Here's some documentation:
I have to tell you that I would see this as a major security risk. It may have helped you in this instance, but should this router ever get compromised, the same thing that helped could wreak major havoc on your network. I would recommend disabling the ftp service.
Thanks a lot for your explanation, there is a radius configured as welll as a firewall b4 you can acccess the network router. so we got that part covered "I think". as always .Thanks for taking the time to help out....
just some general ideas:
1) ad the deleted sheet:
no file backup or older version, printed version in a deposit, or file recovery procedure available?
2) no router config copy saved?
Passwords are usually not changed frequently.
3) It might be possible to get the config from the router via SNMP - I never made it personally but remember some documents on CCO.
Isn't there SNMP access available to the router?
4) Last chance is password recovery with physical access to the router console.
any one can help ???
I did find this link. I tried to follow the steps but no luck/
can you help.
You won't be able to write the snmp value unless you have RW enabled on the router. If you have the config file, look at your "snmp-server
snmp-server public RO
snmp-server private RW
If you don't have one that has the RW after it, you won't be able to write your snmp string to change the password.
I thought the password has been changed, or at least figured out from the ftp transfer and decryption?
John- here is what I have as far as snmp community..
snmp-server community homeboy RO 99
snmp-server community homenut RW 99
snmp-server ifindex dogfight
snmp-server enable traps tty
The "99" at the end of this line is an acl. Do you know if this acl allows the host/subnet that you're coming from to write to the router? I can set a lab up and see if I can change a password if your acl clearly shows that you have access to write to it.
depending on you PC operating system, there should be tools availabe to undelete the file (restore from Windows Trash is the most primitive one, but there are much more sophisticated tools available).
It's still on the disk probably (untill the hard disk sectors overwritten by another file), only not accessible at the moment.