Password Recovery Confirmation
It seems we have a problem.
Our central IT Department is changing their external facing IP's due to a new ISP on the weekend.
The problem this creates for me: -
I have 2 sites that connect over a Site-to-Site VPN.
One of the routers I can get into over Telnet, because it uses a standard password (setup by our old Central company before we got taken over two years ago (I've only been here 6 months so do not have any communications with previous IT People
The other router uses a password which I do not know.
I know the standard password recovery routine - Break, confreg 02142, reset, read config, break level 7 password.
In order to do this though, you need to be at the Router... which is not possible as it is over 300 miles away.
Am I going on a road trip this weekend then ?
Our central IT Department is changing their external facing IP's due to a new ISP on the weekend.
The problem this creates for me: -
I have 2 sites that connect over a Site-to-Site VPN.
One of the routers I can get into over Telnet, because it uses a standard password (setup by our old Central company before we got taken over two years ago (I've only been here 6 months so do not have any communications with previous IT People
The other router uses a password which I do not know.
I know the standard password recovery routine - Break, confreg 02142, reset, read config, break level 7 password.
In order to do this though, you need to be at the Router... which is not possible as it is over 300 miles away.
Am I going on a road trip this weekend then ?
Comments
-
scheistermeister
Member Posts: 748 ■□□□□□□□□□
Well you could always get the config and try to crack the password. If it just has the "password" command with service-password encryption those are easy to break with many websites. If it has an enable secret you could try cracking it with rainbow tables. There was a project not too long ago that was like seti that was setup to make a huge database of passwords and their equivalent MD5 hash. Cisco routers do not use a salt if I remember correctly making it feasible.
Or have someone on site do it...Give a man fire and he'll be warm for a day. Set a man on fire and he'll be warm for the rest of his life. -
gorebrush
Member Posts: 2,743 ■■■■■■■□□□
If I had the config, then surely I'd have the password too
I mentioned that I knew about level 7's being crackable
My last option, I suppose, is to get another Router, and build a new config (I can do this knowing what I know about the remote site) -
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Get somone to hook a laptop up to it and use RDP or some other method of remotly controlling their laptop.The only easy day was yesterday! -
ITdude
Member Posts: 1,181 ■■■□□□□□□□
Sounds like a great idea! Otherwise what is the weather like these days for a road trip in Wales?I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci) -
gorebrush
Member Posts: 2,743 ■■■■■■■□□□
Get somone to hook a laptop up to it and use RDP or some other method of remotly controlling their laptop.
Also a good idea.
However, there are no laptops on site, and no PC's nearby that we can hook up.
Actually I've gone the other way...
I found out this morning that the central IT dept were responsible for migrating the routers to their network in the first place - so surely one of them will know how it was done
-
gorebrush
Member Posts: 2,743 ■■■■■■■□□□
Ah well, they're sending me another router.
Luckily I have a configuration lifted out of another router that is connected in a very similar way, so I should be able to get that done and send it up...
