Comments on: How to get Root access on Call Manager 5/6 Server http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/ Tips and Video Tutorials - Cisco .:. Linux .:. VOIP Tue, 29 Nov 2011 04:01:10 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Missing CUCM Configuration Files | The Networking Nerd http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-38886 Missing CUCM Configuration Files | The Networking Nerd Thu, 18 Aug 2011 21:34:06 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-38886 [...] the least bit squeemish.  The first thing you should read is the great guide at blindhog.net about gaining root access on CUCM 5.x/6.x.  It’s a very handy way to show you that the underlying system in CUCM is actually RedHat [...] [...] the least bit squeemish.  The first thing you should read is the great guide at blindhog.net about gaining root access on CUCM 5.x/6.x.  It’s a very handy way to show you that the underlying system in CUCM is actually RedHat [...]

]]> By: Conseguindo acesso Root ao CUCM « Architecture for Voice, Video and Integrated Data http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-38292 Conseguindo acesso Root ao CUCM « Architecture for Voice, Video and Integrated Data Mon, 25 Apr 2011 18:21:59 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-38292 [...] http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/ [...] [...] http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/ [...]

]]> By: Sandro Gauci http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-33622 Sandro Gauci Tue, 01 Jun 2010 10:18:19 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-33622 Hi there - thanks this has been useful for us. Wanted to drop a note: Recurity labs published an alternative method to this which does not involve booting off a livecd: http://blog.recurity-labs.com/articles/jail-breaking_cisco_unified_communication_manager/index.html - sandro Hi there – thanks this has been useful for us. Wanted to drop a note: Recurity labs published an alternative method to this which does not involve booting off a livecd:
http://blog.recurity-labs.com/articles/jail-breaking_cisco_unified_communication_manager/index.html

- sandro

]]> By: Unified Communications Manager 7.1(3) in VMWare | دانلود بازی کلیپ موبایل موزیک فیلم http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-33611 Unified Communications Manager 7.1(3) in VMWare | دانلود بازی کلیپ موبایل موزیک فیلم Thu, 27 May 2010 19:23:30 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-33611 [...] can access its underlying Linux operating system and obtain root access. There are known methods to bypass this. If you have already found a way then you may configure the virtual machine such as CUPS [...] [...] can access its underlying Linux operating system and obtain root access. There are known methods to bypass this. If you have already found a way then you may configure the virtual machine such as CUPS [...]

]]> By: Unified Communications Manager 7.1(3) in VMWare http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-33610 Unified Communications Manager 7.1(3) in VMWare Thu, 27 May 2010 17:58:14 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-33610 [...] can access its underlying Linux operating system and obtain root access. There are known methods to bypass this. If you have already found a way then you may configure the virtual machine such as CUPS [...] [...] can access its underlying Linux operating system and obtain root access. There are known methods to bypass this. If you have already found a way then you may configure the virtual machine such as CUPS [...]

]]> By: Cisco CUCM/Call Manager – Running on Sun’s Virtual Box « Kevsters Blog http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-33242 Cisco CUCM/Call Manager – Running on Sun’s Virtual Box « Kevsters Blog Tue, 02 Feb 2010 23:08:11 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-33242 [...] Next follow the guide here http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/ to get root access.  Make sure you use the CentOS Disk 1 rather than the Live [...] [...] Next follow the guide here http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/ to get root access.  Make sure you use the CentOS Disk 1 rather than the Live [...]

]]> By: Amit http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-33191 Amit Thu, 21 Jan 2010 16:34:37 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-33191 I am new to Linux I am tring to edit /usr/local/bin/base_scripts/hardware_check.sh file but I am getting error saying read only file, can any one help me with? I am new to Linux
I am tring to edit /usr/local/bin/base_scripts/hardware_check.sh file but I am getting error saying read only file,
can any one help me with?

]]> By: Mark Holloway » Blog Archive » Unified Communications Manager 7.1(3) in VMWare http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-32903 Mark Holloway » Blog Archive » Unified Communications Manager 7.1(3) in VMWare Wed, 18 Nov 2009 19:18:33 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-32903 [...] access its underlying Linux operating system and obtain root access.  There are known methods to bypass this.  If you have already found a way, then you may configure the virtual machine such as CUPS [...] [...] access its underlying Linux operating system and obtain root access.  There are known methods to bypass this.  If you have already found a way, then you may configure the virtual machine such as CUPS [...]

]]> By: Salman http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-27846 Salman Wed, 18 Mar 2009 12:25:58 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-27846 Thanks Pushkar for sharing this, that worked. salman Thanks Pushkar for sharing this, that worked.

salman

]]> By: David Martyn http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/comment-page-1/#comment-26990 David Martyn Tue, 03 Mar 2009 13:29:17 +0000 http://www.blindhog.net/how-to-get-root-access-on-call-manager-56-server/#comment-26990 I have tested this link and it works like a charm. I am a big fan of Pushkar Bhatkoti's blog. Link: http://pushkarbhatkoti.wordpress.com/2009/01/25/a-fun-with-cisco-call-manager-6x-how-to-root-access-to-ccm6x-box/ Topic: A fun with Cisco Call manager 6x - root access to CCM6x box cut and paste: January 25, 2009 at 3:55 am | In CCM 5x 6x 7x stuffs | | Edit this post Tags: hacking cisco call manager 6x, how to get root access to ccm ccm6x ccm7x, logging in as a root in cisco call manager ———————————————————————————————- Duh… its 42 degree outside here in Sydney and it is also a long weekend - this sounds boreing… nothing to do outdoor. My mind got crazy and then I thought to play with my new toy - CCM version 6.x. Note: before you read this please note, do not try to apply it on your production server. Quite often, when we are working on the production server and we need access to call manager 5x 6x 7x root shell (penguin shell), we had to call bloody TAC and do wait for ages before we get access to the root shell. Last week this happend to my friend and he told me that is there anyway to get access to the call manager root shell. He upgraded his CCM from v5 to 6x and the disk space got on ccm server got full. So he had to delete some files from ccm using LINUX shell. Somehow cisco has managed to lock it down so that no root access to the ccm appliance. I given my old method to my friend and he got access to the root shell [grub /lilo breakin method like we do to recover root password]. Today I got some time to do some research on this and found out a less effort method which you can safely apply to your production server without breaking anything related to Cisco’s software. So using below method you would be able to access your call manager in the same fashion like TAC guys do. You don’t have to call them and wait…hehhe… download fedora9, redhat linux 4 or above or centos disk1. burn it on a CD or dvd. this disk iwll be used in the step #3 STEP#1: Create remote account on your CUCM. ———————————————————– ssh to your CUCM box. I use Ubuntu as a desktop, if you are billy fane you can use ssh or secureCRT. frog# ssh administrator@142.2.64.254 you’ll get below prompt: admin: create a account and enable remote account to this box: admin:utils remote_account create frog 100 admin:utils remote_account enable noticed 100 in the above is number of days ‘frog’ username / account will be valid. If you want it forever, then just type 0 STEP#2: reboot the server: ———————————- admin:utils system restart STEP#3: create password for ‘frog’ remote user ———————————————————- While server reboots, pop-in a linux booteble disk (downloaded centos or redhat first disk) to MCS server or your lab toy. When you see boot prompt type ‘linux rescue: boot:linux rescue That will give you the root shell access of root# initblah# Rescue disk mounts the CCM hard disk image as a /mnt/sysimage. Now chroot to this image to change in the /etc/ files or passwords: #chroot /mnt/sysimage [root#ccm-] # Note1: if you dont’ see the root prompt and /etc/pass file, then you may need to mount your sysimage. Note2: If you are Opensource folk and know how to penguinworks u can jump direct to step#4. Actually adding user here vs adding them when u get root# shell using a booteble CD, is that u don’t have to apply all admin groups to remote user. according to the one of the hacker wesite, remote user must be a member of the following groups in CCM BOX: disk, sys, adm, bin, wheel and root STEP#4: change attribute of /etc files and create ‘frog’ user’s password: ————————————————————————————— Cisco have locked the attribute to read only to all /etc/passwd /etc/group /etc/shadow and /etc/gshadow file to protect those files. Make all of below files attribute from read only to read/write. So when you change ‘frog’ users password the system will let you change it. root#chattr -i /etc/passwd root#chattr -i /etc/shadow root#chattr -i /etc/group root#chattr -i /etc/gshadow root#passwd frog Now restart the server: use reboot command Dont’ forget to remove your DVD/CD from MCS server. Once that is done, access to the ccm from your favourite ssh client. mine is ubuntu these days. frog# ssh frog@142.2.64.254 Welcome to Remote Support [root@CUCM6~]# [root@CUCM6~]# [root@CUCM6~]# hehe… its your little linux box now. Do with it whatever you like. I will install freeRADIUS and some other cool tool like NMAP on this Cisco box. I have tested this link and it works like a charm.

I am a big fan of Pushkar Bhatkoti’s blog.

Link:
http://pushkarbhatkoti.wordpress.com/2009/01/25/a-fun-with-cisco-call-manager-6x-how-to-root-access-to-ccm6x-box/

Topic:
A fun with Cisco Call manager 6x – root access to CCM6x box

cut and paste:

January 25, 2009 at 3:55 am | In CCM 5x 6x 7x stuffs | | Edit this post
Tags: hacking cisco call manager 6x, how to get root access to ccm ccm6x ccm7x, logging in as a root in cisco call manager

———————————————————————————————-
Duh… its 42 degree outside here in Sydney and it is also a long weekend – this sounds boreing… nothing to do outdoor.
My mind got crazy and then I thought to play with my new toy – CCM version 6.x.
Note: before you read this please note, do not try to apply it on your production server.
Quite often, when we are working on the production server and we need access to call manager 5x 6x 7x root shell (penguin shell), we had to call bloody TAC and do wait for ages before we get access to the root shell.
Last week this happend to my friend and he told me that is there anyway to get access to the call manager root shell. He upgraded his CCM from v5 to 6x and the disk space got on ccm server got full. So he had to delete some files from ccm using LINUX shell. Somehow cisco has managed to lock it down so that no root access to the ccm appliance. I given my old method to my friend and he got access to the root shell [grub /lilo breakin method like we do to recover root password].

Today I got some time to do some research on this and found out a less effort method which you can safely apply to your production server without breaking anything related to Cisco’s software.

So using below method you would be able to access your call manager in the same fashion like TAC guys do. You don’t have to call them and wait…hehhe…

download fedora9, redhat linux 4 or above or centos disk1. burn it on a CD or dvd. this disk iwll be used in the step #3

STEP#1: Create remote account on your CUCM.
———————————————————–
ssh to your CUCM box. I use Ubuntu as a desktop, if you are billy fane you can use ssh or secureCRT.

frog# ssh administrator@142.2.64.254

you’ll get below prompt:

admin:

create a account and enable remote account to this box:

admin:utils remote_account create frog 100
admin:utils remote_account enable

noticed 100 in the above is number of days ‘frog’ username / account will be valid. If you want it forever, then just type 0

STEP#2: reboot the server:
———————————-
admin:utils system restart

STEP#3: create password for ‘frog’ remote user
———————————————————-

While server reboots, pop-in a linux booteble disk (downloaded centos or redhat first disk) to MCS server or your lab toy. When you see boot prompt type ‘linux rescue:

boot:linux rescue

That will give you the root shell access of root#

initblah#

Rescue disk mounts the CCM hard disk image as a /mnt/sysimage. Now chroot to this image to change in the /etc/ files or passwords:

#chroot /mnt/sysimage

[root#ccm-] #

Note1: if you dont’ see the root prompt and /etc/pass file, then you may need to mount your sysimage.

Note2: If you are Opensource folk and know how to penguinworks u can jump direct to step#4. Actually adding user here vs adding them when u get root# shell using a booteble CD, is that u don’t have to apply all admin groups to remote user.

according to the one of the hacker wesite, remote user must be a member of the following groups in CCM BOX:

disk, sys, adm, bin, wheel and root

STEP#4: change attribute of /etc files and create ‘frog’ user’s password:
—————————————————————————————
Cisco have locked the attribute to read only to all /etc/passwd /etc/group /etc/shadow and /etc/gshadow file to protect those files.

Make all of below files attribute from read only to read/write. So when you change ‘frog’ users password the system will let you change it.

root#chattr -i /etc/passwd
root#chattr -i /etc/shadow
root#chattr -i /etc/group
root#chattr -i /etc/gshadow

root#passwd frog

Now restart the server: use reboot command

Dont’ forget to remove your DVD/CD from MCS server.
Once that is done, access to the ccm from your favourite ssh client. mine is ubuntu these days.

frog# ssh frog@142.2.64.254

Welcome to Remote Support

[root@CUCM6~]#
[root@CUCM6~]#
[root@CUCM6~]#

hehe… its your little linux box now. Do with it whatever you like. I will install freeRADIUS and some other cool tool like NMAP on this Cisco box.

]]>