5 replies to this topic

[chown]

I have 2 old BayStack 350s that I'd like to put to use but the problem is they're passworded, and I can't find a way to reset them. I've tried default user/password combinations, Ctrl+X, Ctrl+Z, Ctrl+C during POST, and no dice. I'm beginning to think that short of shelling out for a service contract it's not possible. I hate Nortel.

[jabzor]

http://www.tek-tips....=41420&page=115

Sounds like you can either phone them up and try to social your way in to generating a password based on the mac, stumble across a valid service contract and just demand it, try the ctrl-x/ctrl-h/ctrl-c/ctrl-z + 'NetICs' console password after a hardboot, or try your hand at brute-forcing the snmp/http/telnet/etc.

[mungewell]

I believe that you can bypass the password if you connect with a serial cable to the back of the switch.

Manual:
http://www.blackshee...-350-switch.pdf

Mungewell.

PS. I have one of these. 60W running power!!!! My new D-Link draws 3W.

[jabzor]

I believe that you can bypass the password if you connect with a serial cable to the back of the switch.
http://www.blacksheepnetworks.com/security/resources/using-baystack-350-switch.pdf

Console Password -- Enables password protection for accessing the CI through a TELNET session, a console terminal, or both.
If you set this field to Required, you can use the Logout command to restrict access to the CI. Thereafter, you will need to specify the correct password at the console-terminal prompt.

Caution: If you change the system-supplied default passwords, be sure to write the new passwords down and keep them in a safe place. If you forget the new passwords, you cannot access the console interface. In that case, contact Bay Networks for help.

Console Read-Only Password user
Console Read-Write Password secure
SNMP Read-Only Community String public
SNMP Read-Write Community String private

If the 'backdoor' password 'netICs' doesn't work (hardboot the device with a console cable plugged in, within 15 seconds from startup; try typing it in directly.. otherwise hit ctrl+c and try typing it in), sounds like he is down to brute-forcing one of the running services (go with an snmp dictionary attack), or contacting the vendor for the mac-based bypass.

[chown]

I believe that you can bypass the password if you connect with a serial cable to the back of the switch.
http://www.blacksheepnetworks.com/security/resources/using-baystack-350-switch.pdf

Console Password -- Enables password protection for accessing the CI through a TELNET session, a console terminal, or both.
If you set this field to Required, you can use the Logout command to restrict access to the CI. Thereafter, you will need to specify the correct password at the console-terminal prompt.

Caution: If you change the system-supplied default passwords, be sure to write the new passwords down and keep them in a safe place. If you forget the new passwords, you cannot access the console interface. In that case, contact Bay Networks for help.

Console Read-Only Password user
Console Read-Write Password secure
SNMP Read-Only Community String public
SNMP Read-Write Community String private

If the 'backdoor' password 'netICs' doesn't work (hardboot the device with a console cable plugged in, within 15 seconds from startup; try typing it in directly.. otherwise hit ctrl+c and try typing it in), sounds like he is down to brute-forcing one of the running services (go with an snmp dictionary attack), or contacting the vendor for the mac-based bypass.

Yeah I've tried all that (except bruting). I like your SE idea though, I think I'll give it a go

[chown]

PS. I have one of these. 60W running power!!!! My new D-Link draws 3W.

Yeah they're quite monstrous . I got mine at a garage sale for $2 (he didn't know the passwords either).