Password retrieval 1

[Mazze1]

Hi,

I have Avaya Ip Office 401 and i m wondering is there any way to restore/crack/sniff password, other than reseting the system?

 

[tlpeter]

depends if you have a config
is it a ip401 of a ip401ng (small office) ???


ACA - Implement IP Office
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[ProviderReborn]

If you have a config you should be laughing.
Also if your using 3.2 onwards you can DTE the security settings.

Give me a shout if you need any further info.

ACA - IP Office Implement
ACA - IP Telephony
ACS - IP Office Implement (Aug 30th)

 

[Mazze1]

Thx for reply, no i dont have config file (if i did i would reset it and upload the config).

I have ip401 (plain) and i m using manager 2.0
I tryed to scan for open ports, so that i can use some brute force crackers but there apparently isnt any open (tryed while idle and when password window was opened).

 

[tlpeter]

oke if you know the ipadres then i can help you

open a commandprompt

then type : Tftp <ipadress> get config filename.cfg

it will pull the config out of the ipoffice

if you have then let us know


ACA - Implement IP Office
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[ProviderReborn]

Even if you do not know the ip. You can get the hex from hyperterminal with the DTE lead in and rebooting.

You can then tftp the cfg accross and use snadboys revalation to get your password

ACA - IP Office Implement
ACA - IP Telephony
ACS - IP Office Implement (Aug 30th)

 

[Mazze1]

Thx, i will try it out on monday when i m at office.

 

[intrigrant]

The tftp trick will only work if the password is default.
The only way to resolve it if the password is not known AND there is no backup of the old config is to use the DTE connection.
Ho to do that is here in the FAQ area called DTE maintenance.

NIHIL NOVI SUB SOLE

 

[Mazze1]

I just read that FAQ but there isnt any explanation on how to get file just how to erase it.

 

[intrigrant]

Thats the only option left, erase the config.
Connect with a serial cable to the IPO, start hyperterminal :38400,8,N,1
Type at-debug, wait for prompt
type eraseconfig
type erasenvconfig
type reboot
system is then on factorydefault
LAN 1 ip address 192.168.42.1
LAN 2 ip address 192.168.43.1
configpassword = password

NIHIL NOVI SUB SOLE

 

[Mazze1]

I only need to do some minor changes, and i m not that experianced to start programming it from scratch.
I didnt tryed tftp jet but i m guessing that it prompts for password, so couldnt i use some password breaker to crack that password?

 

[tlpeter]

did you try to enter the system with the default password ?


ACA - Implement IP Office
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[Mazze1]

Yes i tryed, firm that installed it is gone and i cant get to them to get the password, and to hire a new firm to do that minor change is not afordable because they r not from my town

 

[tlpeter]

Then you realy need to DTE the unit

Do some preparation

What extensions do you have ?
How many analog ,digital or ip phones do you have ?
What are your ddi number and where do they go (users,groups etc)
It is not that hard

If the unit is default all your call will come in and are going to a group "Main"
That group contains every extension on the system
So incoming call keep coming in
And if you don't know it anymore whe are here to help


ACA - Implement IP Office
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!

 

[TheDoz]

Have you tried using the default password of the IP Office?

"The lack of money is the root of all evil

 

[mattKnight]

Is there a PC with manager installed on it? If so - search that PC for any file with a .cfg or .bak file ext.

I'd look really hard - if you have either of those files you are OK, if not you have to DTE and reprogram from scratch.

I KNOW OF NO OTHER "BACKDOOR"... (it doesn't mean there isn't one - but someone else would have mentioned it by now)

Take Care

Matt
If at first you don't succeed, skydiving is not for you.

 

[retsila]

I have a nce utility that will show the system password of any IPO (& alchemy) if you know its IP address & can connect to it.

I will place it on my ftp server at 82.18.64.203 for a week or so.

it wont give andmin logons for V3.2 upwards , but as these can be reset via the DTE it is not realy an issue.

 

[retsila]

Once I get home & givbe myself write permisions to the pubic directory

 

[ronromano]

If its a 401 its probably go old software on it. If its 2.1 you can open the config and view it with no password as long as you have the user name. Download snadboy's revelation and open the operator settings and view the password.

 

[Mazze1]

Retsila your ftp is down, ill try again later.

For now i worked out the problem i had whitout configuing ip office so for now i dont need to do any changes, but it would be nice to get that password, ill try out a few things and let u guys know how it go.