lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <41A4EA78.4020004@stormcenter.net>
From: live4java at stormcenter.net (Mister Coffee)
Subject: previledge password in cisco routers

Good point.  "Access recovery" might be a more appropriate description. 
   I had several opportunities to recover access to 3600 series routers 
when their previous admin left without bothering to document Enable for 
us. It's also possible to do remotely - assuming you have remote access 
to the console _and_ a way to remote power cycle the router - but this 
requires a bit of forethought.

Remote console access isn't uncommon (Cisco 2511's, anyone?) but remote 
power control is considerably less common.

Michael Reilly wrote:
> Note that password recovery doesn't give you the password.  It lets you 
> create a new one which replaces the existing password.  It also deletes 
> some  information stored in private nvram.  You don't actually get the 
> same configuration after password recovery that you had before.
> 
> Note that password recovery can only be done on the serial console port 
> - this is the physical access you need.  You can't do it remotely
> 
> michael
> Mister Coffee wrote:
> 
>> john morris wrote:
>>
>>> Is there a quick and decent way to obtain the previledge password of a
>>> cisco router my version is as follows
>>> cisco 3640 (R4700) processor
>>
>>
>>  >
>> If you have physical access, there is a password recovery method 
>> that's detailed in Cisco's documentation on the 3600 series.  If it's 
>> your box, or one you're responsible for (and can thus get someone to 
>> go on-site and have physical access for you), it's a no-brainer.  If 
>> it's not your box, then . . .
>>
>> Cheers,
>> L4J
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ