[cisco-voip] Recovering UCOS Passwords - Round 281

Pete Brown jpb at chykn.com
Sun Dec 9 16:18:31 EST 2018


Someone responded directly with a few good questions.

Yes - you'll be able to run it against a live production system without taking an outage.

No - it doesn't involve any steps that could render your system unsupportable by TAC.

________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Pete Brown <jpb at chykn.com>
Sent: Sunday, December 9, 2018 2:24 PM
To: Daniel; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281

I've posted the updated UCOS Password Decrypter to the site.  If you click "Select Host", it will ask for the target system hostname, remote user and passphrase.  Although it won't work with systems patched since earlier this year, it should still be useful for some.

https://www.adhdtech.com/uctools.html

Good news is that I found another method for extracting the files that works even with newer systems.  Tested it last night with a non-rooted, bone stock 12.0(1)su2 install; works beautifully.  Will try to get it out in time for Christmas.  😊


________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Pete Brown <jpb at chykn.com>
Sent: Friday, December 7, 2018 10:19 AM
To: Daniel; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281

Sure enough, this round goes to our friends in Boxborough.  They're using the same algorithm as before, but now they're also encrypting the passphrase with RSA.  Unless the RSA private key fairy brings me something for Christmas, this route will be closed with updates.  That truly would be a gift that keeps on giving!  😊

For labs, there may be a workaround.  Try booting the UC host to a Linux CD and overwriting the following file with an older copy.  Then it should spit out a traditional passphrase when you create the remote account.

/usr/local/platform/bin/remotesupport_createaccount

Would probably be easiest to pull it from the RPM on an ISO.  This is the path on a 12.0.1.10000-10 disk.

\Cisco\ucplatform\RPMS\platform-remotesupport-2.0.0.1-3.i386.rpm


________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of Pete Brown <jpb at chykn.com>
Sent: Thursday, December 6, 2018 9:00 PM
To: Daniel; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281

Interesting!  Any documentation on that?  I checked out the release notes for those versions and didn't come across anything pertaining to the remote support passphrase decode version.  Then again, I wouldn't be surprised if they didn't put this specific one in the notes.

If anyone comes across this, please let me know.  If it's just an algorithm change, I imagine it would be Decode Version 4.

________________________________
From: Daniel <daniel at ohnesorge.me>
Sent: Thursday, December 6, 2018 4:32 PM
To: Pete Brown; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281


Whatever method you are using to decode the passphrase will be obsolete in versions 10.5(2)su7, 11.5(1)su4 and 12.0(1)su2 (and above) as they are using a new method to decode the passphrase.

On 6/12/18 5:33 am, Pete Brown wrote:
I'm sure some of you noticed, but earlier this year Cisco started releasing patches to kill off the last sanctioned method of getting to platformConfig.xml.  When you run "utils create report platform" on recent versions, it's no longer in the report.  Someone in Boxborough really knows how to put the "cus(s)" in "customers"!

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvh62145

I'm testing a new version of the UCOS Password Decrypter that acquires the file for you.  To use this feature, you enable remote support on your UCOS host then plug in the UCOS host IP, remote support user and remote support passphrase.  The app decodes the passphrase, pulls the file via SSH and displays the passwords.

Need a few volunteers to test before I update the tools page.  If you're interested, let me know.  Would post a temp link here but I don't want yet another dead link floating around.

-Pete


