Brute force password recovery? 2

[bnohifi]

Hello,

My company is using a Nortel 470-48T switch and we lost the password for this switch. I know there is a recovery method but we can't restart the switch and we don't want to lost all the vlans.

Is it possible for me to use some brute force software to crack the password? any help would be appreciated

 

[anthonyanderberg]

Perhaps, but you should probably try calling Nortel first. Some older switches have a backdoor password based on the serial number or base mac address... it was only certain revisions of certain models but the Nortel support folks will know.

 

[Alainv]

If you have another baystack, you could try to stack it.
Since the password for stack's and standalone units are different.

 

[bnohifi]

I tried this method on my test 470 switches. It works but it will lost all my vlans.

 

[lefaboune]

Hi,

Is this the telnet password?

In this case, you can log with Device Manager.
Then upload an ASCII file exemple.cfg that looks like this:

enable
configure terminal
!
! *** CORE ***
!
cli password switch serial local
cli password switch telnet local
cli password switch read-only "newropassword"
cli password switch read-write "newrwpassword"
!
end

Create this file with a simple text editor.
Just replace 'switch' by 'stack' if the BS470 is stacked.

Tell if it worked fine.



Fabrice

http://www.aeroportsdeparis.fr/

 

[bnohifi]

Hello,

I couldn't find the "upload" feature in Nortel Java Device Manager. Which Device manager software did you mention? Thank you I'll try that asap

 

[bnohifi]

Oh. Is it under "Edit" -> "File System" ?

 

[lefaboune]

Yes it is in 'Edit/Fle System'.
There must be a 'ascii config file' tab next to the 'Config/Image/Diag File' one.

Now, to add the new password, it is -of course- the 'download' fonction you have to use!
Put the tftp server IP address and the full path filename, select 'AsciiConfigManualDownload' and click 'Apply'

The same way, you can use the 'upload' fonction to save the actual config into an ascii file, where you can read your forgotten password...

what boss and DM versions are you using?
Us: boss 3.6.6 on BS470-24T and DM 6.0.3.

@+


Fabrice

http://www.aeroportsdeparis.fr/

 

[bnohifi]

Hi lefaboune

Many thanks! It works perfectly!!

I tried to download the ascii configuration file from the switch and I wasn't able to read the password (it was encrypted).

Then I copy and paste that CORE section, change the password, and upload it back to the switch and everything works!

thanks again!

 

[itenghm]

please I tried to download the ascii file but the the download failed "the directory name is invalid" !

 

[itenghm]

sorry the problem was solved

 

[itenghm]

the problem was solved thanks

 

[lefaboune]

Hi bnohifi

happy I could help.

For the "encrypted" password, i think it was much "corrupted". we had this problem, so we worked with Nortel technical support.
They removed v3.6.2 and released v.3.6.2.4 to prevent memory corruption (see technical bulletin 020588-01 and/or 3.6.2.4 release notes).
the last v3.6.6 is quite stable...

bye



Fabrice

http://www.aeroportsdeparis.fr/