Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Brute force password recovery? 2

Status
Not open for further replies.

bnohifi

IS-IT--Management
Nov 21, 2006
13
CA
Hello,

My company is using a Nortel 470-48T switch and we lost the password for this switch. I know there is a recovery method but we can't restart the switch and we don't want to lost all the vlans.

Is it possible for me to use some brute force software to crack the password? any help would be appreciated
 
Perhaps, but you should probably try calling Nortel first. Some older switches have a backdoor password based on the serial number or base mac address... it was only certain revisions of certain models but the Nortel support folks will know.
 
If you have another baystack, you could try to stack it.
Since the password for stack's and standalone units are different.
 
I tried this method on my test 470 switches. It works but it will lost all my vlans.
 
Hi,

Is this the telnet password?

In this case, you can log with Device Manager.
Then upload an ASCII file exemple.cfg that looks like this:

enable
configure terminal
!
! *** CORE ***
!
cli password switch serial local
cli password switch telnet local
cli password switch read-only "newropassword"
cli password switch read-write "newrwpassword"
!
end

Create this file with a simple text editor.
Just replace 'switch' by 'stack' if the BS470 is stacked.

Tell if it worked fine.



Fabrice
 
Hello,

I couldn't find the "upload" feature in Nortel Java Device Manager. Which Device manager software did you mention? Thank you I'll try that asap
 
Oh. Is it under "Edit" -> "File System" ?
 
Yes it is in 'Edit/Fle System'.
There must be a 'ascii config file' tab next to the 'Config/Image/Diag File' one.

Now, to add the new password, it is -of course- the 'download' fonction you have to use! :p
Put the tftp server IP address and the full path filename, select 'AsciiConfigManualDownload' and click 'Apply'

The same way, you can use the 'upload' fonction to save the actual config into an ascii file, where you can read your forgotten password...

what boss and DM versions are you using?
Us: boss 3.6.6 on BS470-24T and DM 6.0.3.

@+


Fabrice
 
Hi lefaboune

Many thanks! It works perfectly!!

I tried to download the ascii configuration file from the switch and I wasn't able to read the password (it was encrypted).

Then I copy and paste that CORE section, change the password, and upload it back to the switch and everything works!

thanks again!
 
please I tried to download the ascii file but the the download failed "the directory name is invalid" !
 
Hi bnohifi

happy I could help. :)

For the "encrypted" password, i think it was much "corrupted". we had this problem, so we worked with Nortel technical support.
They removed v3.6.2 and released v.3.6.2.4 to prevent memory corruption (see technical bulletin 020588-01 and/or 3.6.2.4 release notes).
the last v3.6.6 is quite stable...

bye



Fabrice
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top