Penetration Testing mailing list archives

Re: [PEN-TEST] Router Password Recovery


From: Greg <greg () HOOBIE NET>
Date: Wed, 31 Jan 2001 21:03:17 -0000

In addition to downloading the router config from a Cisco using SNMP r/w
community through OID 1.3.6.1.4.1.9.2.1.55.x.x.x.x you can set a new
password, or update running config in any other way using OID
1.3.6.1.4.1.9.2.1.53.x.x.x.x <file>

The deal is similar, the x.x.x.x specifies a tftp server and file specifies
a file to UPLOAD to the router. This file could contain perhaps one line:
'enable secret password', this then resets the Cisco enable password to
'password' within running config so no reboot etc. is needed. Sweet.

Using this technique you can basically do what you like, add yourself to
access-lists, disable TACACS, disable logging - whatever. Multiple commands
can be placed into the file.

Greg Jones
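
Added example, not part of the original post: a detection sketch that flags SNMP SET requests against the two OIDs mentioned above and recovers the TFTP server address from the OID suffix. The record layout, sample lines and the `allowed_tftp` allow-list are assumptions made for illustration; adapt the parser to whatever your SNMP decoder or sensor actually emits.

```python
import ipaddress
import re

# OIDs named in the post; the four trailing sub-identifiers are the TFTP
# server's IPv4 address and the SET value is the file name.
WATCHED = {
    "1.3.6.1.4.1.9.2.1.53": "TFTP file loaded into running config",
    "1.3.6.1.4.1.9.2.1.55": "router config written to TFTP",
}
# Assumed record layout (hypothetical): time src dst pdu-type oid value
RECORD = re.compile(r"^(\S+) (\S+) (\S+) (\S+) \.?([\d.]+) (.*)$")

# Constructed sample records (documentation address ranges).
SAMPLE = [
    '2001-01-31T21:00:01Z 192.0.2.10 192.0.2.1 get-request 1.3.6.1.2.1.1.5.0 -',
    '2001-01-31T21:00:07Z 192.0.2.10 192.0.2.1 set-request 1.3.6.1.4.1.9.2.1.53.192.0.2.20 "cfg.txt"',
    '2001-01-31T21:02:44Z 198.51.100.7 192.0.2.1 set-request .1.3.6.1.4.1.9.2.1.55.198.51.100.7 "out.cfg"',
    '2001-01-31T21:03:00Z 192.0.2.10 192.0.2.1 get-request 1.3.6.1.4.1.9.2.1.55.192.0.2.20 -',
]

def find_config_transfers(lines, allowed_tftp=()):
    """Return one alert per SNMP SET that triggers a TFTP config transfer."""
    allowed = {ipaddress.ip_address(a) for a in allowed_tftp}
    alerts = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m or m.group(4).lower() != "set-request":
            continue
        when, src, router, _, oid, value = m.groups()
        for prefix, meaning in WATCHED.items():
            if not oid.startswith(prefix + "."):
                continue
            try:  # suffix must be exactly one IPv4 address
                tftp = ipaddress.ip_address(oid[len(prefix) + 1:])
            except ValueError:
                continue
            alerts.append({
                "time": when, "source": src, "router": router,
                "action": meaning, "tftp_server": str(tftp),
                "file": value.strip('"'),
                "expected_server": tftp in allowed,
            })
    return alerts

if __name__ == "__main__":
    for a in find_config_transfers(SAMPLE, allowed_tftp=["192.0.2.20"]):
        flag = "ok" if a["expected_server"] else "UNEXPECTED TFTP SERVER"
        print(a["time"], a["source"], "->", a["router"], a["action"],
              a["tftp_server"], a["file"], flag)
```

Any hit where `expected_server` is false, or where the SET comes from a host that is not a management station, is worth correlating with TFTP traffic to and from the router at the same time.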

