Here is the application that decrypts the passwords in platformConfig.xml. It's been tested with 6.x, 8.x and 9.x. Should work with 7.x as well. Please let me know if you run into any problems or have feedback.

http://www.adhdtech.com/UCOS%20Password%20Decrypter.exe

Thanks,
Pete

From: [email protected]
To: [email protected]
Date: Sun, 2 Feb 2014 19:29:39 -0600
Subject: [cisco-voip] UCOS Password Recovery (not reset)

I've received a few messages off list regarding the possibility of recovering (as opposed to just resetting) a cluster security password from a non-rooted, patched UCOS 6.x-9.x host. Short answer: yes, it's possible, contrary to the official responses...
https://supportforums.cisco.com/thread/2164756

Disclaimer: What's discussed below is best done in a lab environment and should never be done in production. It may render your box unsupportable, make your hair fall out or give you the urge to bark like a dog in meetings. That being said, I've actually had to do this on a production host due to the fact that we inherited the environment but not all the passwords. The choice was either take one host down for 20 minutes to copy a file or take a longer outage on every host in the cluster as required by the official Cisco password reset process. Plus the official process is a change, so tack on a week to get approval from change management.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/8_6_1/cucos/iptpch2.html

Of course it's well known that the platformConfig.xml file contains the encrypted passwords, but so far I haven't found any existing utilities to perform the decryption. Ended up writing one in C# this weekend; could use some volunteers to test it if anyone is interested. You point it toward your platformConfig.xml file and it will output the following...

- Localhost Admin Name & Password
- SFTP Password
- Cluster Security Password
- Application User Name & Password

Needless to say, the hard part is extracting this file from a non-rooted, patched UCOS host...

/usr/local/platform/conf/platformConfig.xml

I've only found two surefire ways to do it without rooting, but both require shutting down the host and booting to a live Linux ISO. If you're using a VM, create a snapshot between shutting down and booting to the ISO. If you accidentally change/delete something or the UCOS volumes are not cleanly dismounted (you hit the power), you may very well hose the box.

Local Copy to TFTP Method
1. Create a scratch XML file on your workstation. Can't be zero-length, so enter some junk text.
2. Upload scratch XML file to the host's TFTP directory using the GUI.
3. Reboot the host to a live Linux ISO.
4. Mount the '/' and '/common' volumes.
5. Use 'cat' to copy the contents of platformConfig.xml to the scratch file in the TFTP directory. A straight copy would seem easier, but will not work due to the security settings of the newly created file.
6. Reboot the host, let it boot to UCOS as usual.
7. Use a TFTP client to download the scratch XML file from the host's TFTP server.

Remote Copy Method
1. Reboot the host to a live Linux ISO.
2. Configure networking.
3. Mount the '/' and '/common' volumes.
4. Use your favorite remote copy method (TFTP, FTP, SCP) to copy platformConfig.xml to a remote host.
5. Reboot the host, let it boot to UCOS as usual.

The first option requires no knowledge of Linux; the second is more straightforward. I took screenshots of the first process just in case. But before I finish documenting I thought I'd check with the group. Does anyone have a better way to get at this file? Maybe one that doesn't involve shutting down the host? The only "shortcut" I've found so far takes advantage of a directory traversal bug which has been patched for some time...
http://www.securityfocus.com/archive/1/520414

Thanks,
Pete

_______________________________________________
cisco-voip mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-voip
