Password Recovery Confirmation

It seems we have a problem.

Our central IT Department is changing their external facing IP's due to a new ISP on the weekend.

The problem this creates for me: -

I have 2 sites that connect over a Site-to-Site VPN.

One of the routers I can get into over Telnet, because it uses a standard password (setup by our old Central company before we got taken over two years ago (I've only been here 6 months so do not have any communications with previous IT People

The other router uses a password which I do not know.

I know the standard password recovery routine - Break, confreg 02142, reset, read config, break level 7 password.

In order to do this though, you need to be at the Router... which is not possible as it is over 300 miles away.

Am I going on a road trip this weekend then ?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

scheistermeister

Well you could always get the config and try to crack the password. If it just has the "password" command with service-password encryption those are easy to break with many websites. If it has an enable secret you could try cracking it with rainbow tables. There was a project not too long ago that was like seti that was setup to make a huge database of passwords and their equivalent MD5 hash. Cisco routers do not use a salt if I remember correctly making it feasible.

Or have someone on site do it...

gorebrush

If I had the config, then surely I'd have the password too

I mentioned that I knew about level 7's being crackable

My last option, I suppose, is to get another Router, and build a new config (I can do this knowing what I know about the remote site)

tiersten

Road trip time...

dtlokee

Get somone to hook a laptop up to it and use RDP or some other method of remotly controlling their laptop.

ITdude

Sounds like a great idea! Otherwise what is the weather like these days for a road trip in Wales?

gorebrush

dtlokee wrote: »

Get somone to hook a laptop up to it and use RDP or some other method of remotly controlling their laptop.

Also a good idea.

However, there are no laptops on site, and no PC's nearby that we can hook up.

Actually I've gone the other way...

I found out this morning that the central IT dept were responsible for migrating the routers to their network in the first place - so surely one of them will know how it was done

gorebrush

Ah well, they're sending me another router.

Luckily I have a configuration lifted out of another router that is connected in a very similar way, so I should be able to get that done and send it up...