Nickrod518 / PowerShell-Scripts / Cisco Call Manager. Nick Rodriguez: Added old scripts. Latest commit ca86d1c Feb 23, 2016.
It’s 42 degrees outside here in Sydney today and it is also a long weekend. This is so boring as I can’t do any outdoor activities. My mind went crazy and then I thought to play with my new toy – CCM version 6.x.
Warning: Before you read this post, please note: do not try to apply it on your production server. If you perform this on your production CUCM box, you may void your Cisco contract. This is only for lab and learning purposes!
Quite often, when we are working on a production (or lab) server and need shell access to CUCM, we have to call Cisco TAC and wait for ages before we get access to the CUCM root shell. Many of us Linux geeks sometimes want to jump onto the CUCM Linux shell, just like we natively access any other *NIX based server. Oh yeah, much more fun, and seriously, you can debug and troubleshoot things quicker. Without a native shell, accessing CUCM files or other things using the Cisco recommended method (CUCM OS) is like eating a banana without peeling it. Well, you are eating the banana but eating the skin too, not so tasty :(. You get the point!
One of my friends asked me last week – is there any way to get access to the CUCM root shell? I asked why he wanted to access the root shell to start with. He replied that he recently upgraded CUCM from v5 to 6x, the disk space crept up and he wanted to clear up some files. He was not aware that he could delete them using the CUCM OS CLI ‘file delete activelog blah..’ command but wanted to get shell access to CUCM. I think Cisco did a good job in locking down root access to the box. It makes complete sense; why would anyone fiddle with a production box?
I tried my old trick, the normal old-school way we used to break a Linux server password, and surprisingly it worked. Cisco has not locked this down. I was expecting Cisco would really make it almost impossible to get access to root, but that was not the case. Today I got some time to do some research on this and found a lower-effort method which you can safely apply to your production server without breaking anything related to Cisco’s software. Using the method below, anyone would be able to get access to CUCM in less than 10 minutes. If you’re a *NIX folk, you don’t have to wait for TAC to log in to the shell. I think there is a reason they are not allowing this officially. Vendors like Broadsoft give you root access to their softswitch Linux servers. Why don’t they lock you down, just like Cisco? I’d never have a clue.
I have given a step-by-step method to break the root password of CUCM:
STEP#0: Download *nix bootable media
Download Fedora 9, Red Hat Linux 4 or above, or CentOS disk 1. Burn it on a CD or DVD. This disk will be used in step #3. Google and you’ll find the ISO image.
STEP#1: Create remote account on your CUCM.
SSH to your CUCM box. I use Ubuntu as a desktop; if you are a Billy fan you can use ssh or SecureCRT.
Note that the 100 in the above is the number of days the ‘frog’ username / account will be valid. If you want it forever, then just type 0.
STEP#2: Reboot the server:
admin:utils system restart
STEP#3: Create password for ‘frog’ remote user
While the server reboots, pop a Linux bootable disk (the downloaded CentOS or Red Hat first disk) into the MCS server or your lab toy. When you see the boot prompt, type ‘linux rescue’:
boot:linux rescue
That will give you root shell access, with a root# prompt:
initblah#
The rescue disk mounts the CCM hard disk image as /mnt/sysimage. Now chroot to this image to change the /etc/ files or passwords:
#chroot /mnt/sysimage
[root#ccm-] #
Note1: If you don’t see the root prompt and the /etc/passwd file, then you may need to mount your sysimage.
Note2: If you are an Open Source freak and know very well how penguin computing works, you may jump directly to step #4. The difference between adding the user here versus adding them when you get the root# shell using a bootable CD is that you don’t have to apply all the admin groups to the remote user. You get the sense now, I guess.
The remote user must be a member of the following groups in the CCM box: disk, sys, adm, bin, wheel and root.
STEP#4: Change the attributes of the /etc files and create the ‘frog’ user’s password:
Cisco has locked the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files to read-only to protect them. Change the attribute of all of these files from read-only to read/write, so that when you change the ‘frog’ user’s password the system will let you change it.
All done for now. This is your little Linux toy box. Do anything just like you do with any other *NIX based operating system – no biggie. I will install freeRADIUS and some other cool tools like NMAP on this Cisco box.
-Push
There are many posts on the Internet teaching you how to get root access on CUCM. This is not a secret. Since CUCM is Linux-based, the method is pretty straightforward: use a Linux boot CD to boot into rescue mode and modify the relevant files. Here's a simple walkthrough, assuming CUCM is already installed.
Boot the box with a Linux installation CD (e.g. RedHat). Type 'linux rescue' at the boot prompt.
Choose language. Default is 'English'. Choose keyboard. Default is 'US'.
We don't need to set up network. Thus choose 'No' here. Choose 'Continue' to mount the CUCM file system.
The following message is telling you that the CUCM file system has been mounted under /mnt/sysimage. If you want to map the root directory to the CUCM file system (which is recommended), you may use command 'chroot /mnt/sysimage'. Below are the commands and explanations.
This is to map the root directory to CUCM file system.
cd /etc
Change the working directory to /etc, where most of the system configuration files are stored.
Remove file 'securetty' to allow remote connections with root.
passwd root
Reset (change) password for the root user. Type a password that is easy for you to remember. Retype it to confirm. If the password was changed successfully, you'll see the prompt 'passwd: all authentication token updated successfully'.
Notes:
If you typed a simple password, you might get a warning like 'BAD PASSWORD: it is based on a dictionary word'. Just ignore it and retype to confirm.
There's no screen display for the password you're typing. Type carefully.
The following steps require some basic knowledge of the vi editor. If you're not familiar with vi, please search the Internet for help with vi commands.
vi passwd
Change the passwd file so the root user has a shell (command line interpreter) to use. Use vi commands. Change the line
To
Save and exit file. For those who are not familiar with vi, here is the command sequence (case-sensitive):
Type /s to search for character 's'
Type D to delete to the end of line
Type A to enter append mode
Type bin/bash to set the shell
Press ESC key (it's a key on the upper-left corner of your keyboard) to exit append mode
Type :wq to save and exit file.
Change the sshd_config file so you can SSH as root (it's disabled by default). Use vi commands. Change the line
Save and exit file. For those who are not familiar with vi, here is the command sequence (case-sensitive):
Type /Per to search for the word that begins with 'Per'
Type X to delete the letter on the left (which is '#' in this case)
Type :wq! to save and exit this read-only file
Back at the command prompt, type the exit command twice to reboot the system. Use an SSH client (such as PuTTY) to test. You should be able to SSH into CUCM with the root account. This method applies to all Linux-based appliances such as Unity Connection, CUPS, CER, UCCX (Linux version), etc.
P.S. If the active partition is /PartB, you might run into an error like this:
Just hit the 'Enter' key to get to the shell. Then use the following commands:
mount --bind /dev /mnt/sysimage/dev
chroot /mnt/sysimage
Updated 3/13/2015: I got many comments that 'this works on CUCM version xx but didn't work on version yy'. Please understand that CUCM is just an application running on top of RedHat Linux (which Cisco uses for many of its 'appliances'). The rooting process is more OS related than application related. If it didn't work, there could be only two reasons: 1) Some steps were missed or weren't done right (most likely), or 2) RedHat changed how the authentication works between versions (very unlikely). In a nutshell, the rooting is not specific to CUCM. It's not even specific to Cisco. You may root any appliance that is based on a common OS (such as Linux). Last but not least, this still works on my CUCM 10.5. :)
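Both walkthroughs leave the same traces on disk: securetty removed, root given a login shell, root SSH login enabled, and a remote account placed in admin groups. The script below is an added example, not part of either original post, that checks a mounted system image for those traces. The function names, finding labels and sample 'frog' entries are constructed here, and PermitRootLogin is assumed to be the sshd_config directive the second post un-comments.

```shell
#!/bin/sh
# Added example (not from the original posts): list signs of the root-access
# changes described above in a system image mounted at ROOT (default "/").
audit_image() {
    etc="${1:-/}"; etc="${etc%/}/etc"

    # securetty removed: root logins are no longer limited to listed terminals.
    [ -e "$etc/securetty" ] || echo "securetty-missing"

    # Any UID 0 account whose login shell is an interactive shell.
    [ -r "$etc/passwd" ] && awk -F: '$3 == 0 && $7 ~ /\/(ba|k|z|c|tc)?sh$/ {
        print "uid0-shell:" $1 ":" $7 }' "$etc/passwd"

    # PermitRootLogin uncommented and set to anything other than "no".
    # Assumption: this is the sshd_config directive the post un-comments.
    [ -r "$etc/ssh/sshd_config" ] && awk 'tolower($1) == "permitrootlogin" &&
        tolower($2) != "no" { print "sshd-root-login:" $2 }' "$etc/ssh/sshd_config"

    # Accounts other than root in wheel, root or disk (three of the six groups
    # the post names; assumed to contain only root on an untouched image).
    [ -r "$etc/group" ] && awk -F: '$1 ~ /^(wheel|root|disk)$/ {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] != "root") print "group-member:" $1 ":" m[i]
    }' "$etc/group"
    return 0
}

# Constructed sample image reproducing the end state the posts describe.
make_sample_image() {
    mkdir -p "$1/etc/ssh"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'frog:x:500:500::/home/frog:/bin/bash' > "$1/etc/passwd"
    printf '%s\n' 'root:x:0:root' 'wheel:x:10:root,frog' \
        'disk:x:6:root' > "$1/etc/group"
    printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' > "$1/etc/ssh/sshd_config"
    # etc/securetty is deliberately absent from the sample.
}

demo=$(mktemp -d)
make_sample_image "$demo"
audit_image "$demo"
rm -rf "$demo"
```

Run `audit_image /mnt/sysimage` from a rescue environment, or `audit_image /` on a live host, and compare the findings against a known-good image of the same appliance version.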