Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
11525
Views
5
Helpful
3
Comments

Recover WEP,admin,Guest account Passwords from WLC.

Salil Prabhu
Cisco Employee
Cisco Employee

‎11-04-2011 01:22 PM - edited ‎11-18-2020 02:56 AM

Procedure to Recover WEP,Admin,Guest account Password from WLC

Step 1 :

1. (Cisco Controller) >show switchconfig
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled

(Cisco Controller) >config switchconfig secret-obfuscation disabled 

 Secret (de-)obfuscation may take a few minutes.
Please wait...  Done!

(Cisco Controller) >config passwd-cleartext enable 

The way you see your passwds will be changed
You are being warned.

Enter admin password: ***********
Enabling cleartext viewing of passwords

Step 2: 

2. Download config from the WLC. Commands --> Upload configuration from
WLC to tftp server.

Step 3:

3. Open the file in notepad :

WEP :

config wlan security static-wep-key encryption 4 40 hex encrypt 0 0 0 128 313233343500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1

40 = 40 bit key

ADMIN :

config mgmtuser add encrypt admin1 0 0 0 8 436973636f31323300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write

Guest-Account :

config netuser add encrypt username guest-1 password 0 0 0 7 67756573742d310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 wlan 0 usertype guest lifetime 86400

Step 4:

4. Use this tool to convert to Ascii : ( Use red colour digits ..)
http://www.dolcevie.com/js/converter.html

WEP : Key size = 40bit.
HEX :3132333435 
Ascii : 12345 ( using the tool ) 


ADMIN : Username : admin1 
HEX : 436973636f313233 
Ascii : Cisco123 

Guest-Account: Username: guest-1 
HEX: 67756573742d31  
Ascii : guest-1 



Comments
George Stefanick
VIP Alumni
VIP Alumni
‎11-04-2011 02:03 PM

Salil,

This appears to be the wep portion. Your subject line mentioned admin and guest account passwords.. What is the process for these?

Salil Prabhu
Cisco Employee
Cisco Employee
‎11-05-2011 06:51 AM

Hi George,

Thanks for letting me know.. I modified it and added some colors !! Hopefully this should help.

Thanks..Salil

Colin Vallance
Level 1
Level 1
‎06-22-2012 06:30 AM

Has anyone got this to work in 7.2 code (specifically 7.2.110.0 on a  5508)?  I can't seem to get the hex values back out via the config after  enabling and FTP-ing my configuration back out.  A `show run-config  commands` does display all my user/passwords unencrypted properly (I'm  really after some lost PSKs though).  Anyone get this working  successfully?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents