Manager Password Recovery

[liquidshokk]

Hi

We were recently surprised to hear that an IT company that took over maintenance of a friends IP Office system was able to find out the manager password without defaulting the unit.. I had previously dialled into the system but couldnt open the config as didnt know the password..

Is there some password recovery tool im not aware of or a crack to find out the password?!?

.... or did they just manage to convince the previous IT company to confirm the password?!

Thanks

 

[CoolJimy84]

There isn't a tool, but a little known trick (or i hope so) to read out the password...

However i wouldn't like to post an item on it as the amount of people that would see it..

 

[Bas1234]

Try to login under security.

Have a look here;

http://marketingtools.avaya.com/kno...edProjects/manager/html_security_settings.htm

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________

 

[liquidshokk]

I assume were talking about changing it through security settings on the assumption that the security details are default? May not be the case and don't you have to conform the old password to change it anyway? Id appreciate it if someone coould confirm how it's done somehow. Liquidshokk@hotmail.com

 

[kholladay]

In security you would need to know the old password in order to set a new password.

Here is what you need both via Manager and/or DTE.

http://marketingtools.avaya.com/kno...rojects/manager/editing_security_settings.htm

Kyle Holladay
ACA-I, ACA Call Center, ACS-I, ACS-M, TIA-CTP, MCP/MCTS Exchange 2007
ACE Implement: IP Office

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford

 

[kholladay]

Oops. Sorry. For DTE you would erase the system via DTE and then re-load your config as the security settings are not part of the config.

I would feel pretty foolish if I not only lost my Administrator password but also the security password. Good thing you fired the old IT company.

Kyle Holladay
ACA-I, ACA Call Center, ACS-I, ACS-M, TIA-CTP, MCP/MCTS Exchange 2007
ACE Implement: IP Office

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford

 

[IPGuru]

1) Security settings can be defaulted using the DTE port without erasing the cfg file, if your maintainer does not know how to do this find a competent one (it is in the documents!)

2) I have a utility that will provide the system password provided you have a network connection, this get you in to systems V3.1 & earlier. it has also got me in to security settings when the previous maintainer has set the security password & sys password to the same value.

In short provided you have physical acces to the unit is easy & if you have an unauthorised person in your comms room then you have far bigger issues to worry about

 

[kholladay]

http://marketingtools.avaya.com/kno.../installation/resetting_security_settings.htm

Kyle Holladay
ACA-I, ACA Call Center, ACS-I, ACS-M, TIA-CTP, MCP/MCTS Exchange 2007
ACE Implement: IP Office

"Thinking is the hardest work there is, which is the probable reason why so few engage in it." - Henry Ford

 

[amriddle01]

The main chalenge is getting a modern laptop with a serial port

ACS - IP Office Implement

"I'm just off to Hartlepool to buy some exploding trousers

 

[TomMills]

im using a usb adapter. it works pretty well.

"There's a dog in the New Zealand section

 

[TomMills]

http://tinyurl.com/m8b7ch

dunno if it only works with thinkpads though,


"There's a dog in the New Zealand section

 

[amriddle01]

I have tried USB to serial convertors before but none work 100% on the kit we use (Kirk for example....yuk) so I stear clear now. you can buy laptops with them if you pay the little extra

ACS - IP Office Implement

"I'm just off to Hartlepool to buy some exploding trousers

 

[liquidshokk]

Cheers guys

the history to it Is that a friends company came to me for a quote for support. I dialled into them but the password had been changed. They also got a quote from somewhere else and they got into config somehow without knowing password. I knew I could get in if I had DTE access but neither of us had that. I only imagine that they managed to track down the password from previous maintainers or had this utility yo find it out as there's a good chance they are on pre 3.1 software.... Came on, name that utility

 

[liquidshokk]

....utility you mention*... bloody iPhone and fat fingers...

 

[TomMills]

maybe they did the delta server trick?

"There's a dog in the New Zealand section

 

[Bas1234]

Another thing you can do.

Get any Network Alchemy tool, open an offline config and use Revelation to capture the password.

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________

 

[TomMills]

and you can use delta server to help you get that config.

"There's a dog in the New Zealand section

 

[liquidshokk]

What's the delta server trick?

I know of the revelation tool, I use peekaboo as it's not blocked by our virus software but does it work on security settings on IPO?

 

[Bas1234]

stop/start ccc delta service, it will the leav a copy on the delta server pc.

But you can use;

tftp -i 192.168.42.1 get "config/t%$'~ q" myConfig.cfg

in a dosbox.

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________

 

[liquidshokk]

So will the config show in dos revealing the password? I already have the config but handy to know about stop start trick. How would trick have got them the manager password? Surely that would have just got them thf config.... Really should have checked if security pw had been changed... I reckon it hadn't and they used a revealed on the password in sec settings...