Jump to content


Photo
- - - - -

Nortel BayStack 350-24T password reset?


  • Please log in to reply
5 replies to this topic

#1 chown

chown

    SUPR3M3 31337 Mack Daddy P1MP

  • Moderating Team
  • 493 posts
  • Country:
  • Gender:Male
  • Location:Floating on a sea of hydrogen

Posted 24 November 2009 - 04:30 AM

I have 2 old BayStack 350s that I'd like to put to use but the problem is they're passworded, and I can't find a way to reset them. I've tried default user/password combinations, Ctrl+X, Ctrl+Z, Ctrl+C during POST, and no dice. I'm beginning to think that short of shelling out for a service contract it's not possible. I hate Nortel.

#2 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 24 November 2009 - 06:27 AM

http://www.tek-tips....=41420&page=115

Sounds like you can either phone them up and try to social your way in to generating a password based on the mac, stumble across a valid service contract and just demand it, try the ctrl-x/ctrl-h/ctrl-c/ctrl-z + 'NetICs' console password after a hardboot, or try your hand at brute-forcing the snmp/http/telnet/etc.

#3 mungewell

mungewell

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 376 posts
  • Location:Planet Earth

Posted 24 November 2009 - 12:58 PM

I believe that you can bypass the password if you connect with a serial cable to the back of the switch.

Manual:
http://www.blackshee...-350-switch.pdf

Mungewell.

PS. I have one of these. 60W running power!!!! My new D-Link draws 3W.

#4 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 24 November 2009 - 04:21 PM

I believe that you can bypass the password if you connect with a serial cable to the back of the switch.
http://www.blackshee...-350-switch.pdf

Console Password -- Enables password protection for accessing the CI through a TELNET session, a console terminal, or both.
If you set this field to Required, you can use the Logout command to restrict access to the CI. Thereafter, you will need to specify the correct password at the console-terminal prompt.

Caution: If you change the system-supplied default passwords, be sure to write the new passwords down and keep them in a safe place. If you forget the new passwords, you cannot access the console interface. In that case, contact Bay Networks for help.

Console Read-Only Password user
Console Read-Write Password secure
SNMP Read-Only Community String public
SNMP Read-Write Community String private


If the 'backdoor' password 'netICs' doesn't work (hardboot the device with a console cable plugged in, within 15 seconds from startup; try typing it in directly.. otherwise hit ctrl+c and try typing it in), sounds like he is down to brute-forcing one of the running services (go with an snmp dictionary attack), or contacting the vendor for the mac-based bypass.

#5 chown

chown

    SUPR3M3 31337 Mack Daddy P1MP

  • Moderating Team
  • 493 posts
  • Country:
  • Gender:Male
  • Location:Floating on a sea of hydrogen

Posted 24 November 2009 - 10:44 PM


I believe that you can bypass the password if you connect with a serial cable to the back of the switch.
http://www.blackshee...-350-switch.pdf

Console Password -- Enables password protection for accessing the CI through a TELNET session, a console terminal, or both.
If you set this field to Required, you can use the Logout command to restrict access to the CI. Thereafter, you will need to specify the correct password at the console-terminal prompt.

Caution: If you change the system-supplied default passwords, be sure to write the new passwords down and keep them in a safe place. If you forget the new passwords, you cannot access the console interface. In that case, contact Bay Networks for help.

Console Read-Only Password user
Console Read-Write Password secure
SNMP Read-Only Community String public
SNMP Read-Write Community String private


If the 'backdoor' password 'netICs' doesn't work (hardboot the device with a console cable plugged in, within 15 seconds from startup; try typing it in directly.. otherwise hit ctrl+c and try typing it in), sounds like he is down to brute-forcing one of the running services (go with an snmp dictionary attack), or contacting the vendor for the mac-based bypass.

Yeah I've tried all that (except bruting). I like your SE idea though, I think I'll give it a go

#6 chown

chown

    SUPR3M3 31337 Mack Daddy P1MP

  • Moderating Team
  • 493 posts
  • Country:
  • Gender:Male
  • Location:Floating on a sea of hydrogen

Posted 24 November 2009 - 10:48 PM

PS. I have one of these. 60W running power!!!! My new D-Link draws 3W.

Yeah they're quite monstrous :biggrin:. I got mine at a garage sale for $2 (he didn't know the passwords either).




BinRev is hosted by the great people at Lunarpages!