[cisco-voip] Recovering UCOS Passwords - Round 281
Pete Brown
jpb at chykn.com
Fri Dec 7 11:19:43 EST 2018
Sure enough, this round goes to our friends in Boxborough. They're using the same algorithm as before, but now they're also encrypting the passphrase with RSA. Unless the RSA private key fairy brings me something for Christmas, this route will be closed with updates. That truly would be a gift that keeps on giving! 😊
For labs, there may be a workaround. Try booting the UC host to a Linux CD and overwriting the following file with an older copy. Then it should spit out a traditional passphrase when you create the remote account.
/usr/local/platform/bin/remotesupport_createaccount
Would probably be easiest to pull it from the RPM on an ISO. This is the path on a 12.0.1.10000-10 disk.
\Cisco\ucplatform\RPMS\platform-remotesupport-2.0.0.1-3.i386.rpm
________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Pete Brown <jpb at chykn.com>
Sent: Thursday, December 6, 2018 9:00 PM
To: Daniel; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281
Interesting! Any documentation on that? I checked out the release notes for those versions and didn't come across anything pertaining to the remote support passphrase decode version. Then again, I wouldn't be surprised if they didn't put this specific one in the notes.
If anyone comes across this, please let me know. If it's just an algorithm change, I imagine it would be Decode Version 4.
________________________________
From: Daniel <daniel at ohnesorge.me>
Sent: Thursday, December 6, 2018 4:32 PM
To: Pete Brown; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281
Whatever method you are using to decode the passphrase will be obsolete in versions 10.5(2)su7, 11.5(1)su4 and 12.0(1)su2 (and above) as they are using a new method to decode the passphrase.
On 6/12/18 5:33 am, Pete Brown wrote:
I'm sure some of you noticed, but earlier this year Cisco started releasing patches to kill off the last sanctioned method of getting to platformConfig.xml. When you run "utils create report platform" on recent versions, it's no longer in the report. Someone in Boxborough really knows how to put the "cus(s)" in "customers"!
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvh62145
I'm testing a new version of the UCOS Password Decrypter that acquires the file for you. To use this feature, you enable remote support on your UCOS host then plug in the UCOS host IP, remote support user and remote support passphrase. The app decodes the passphrase, pulls the file via SSH and displays the passwords.
Need a few volunteers to test before I update the tools page. If you're interested, let me know. Would post a temp link here but I don't want yet another dead link floating around.
-Pete