7705 editing config.cfg using vi in order to update unknown password

[cevo]

Hello,
Can't login, because I don't know the admin password.Is there a way to edit the password in config.cfg to update the password?
Here is what I tried:
Interrupted 7705 boot, logged in as admin/admin, can see the original configuration.
user is admin, I can see hash password but since it is not in plain text, don't know what it is.
Configured admin/password on another 7705. Used Apple123 for password for test purpose, then looked at the config, got the hash password.
Went back to first 7705, used vi to search and replace the hash password. After reboot, I tried admin/Apple123 but could not login.

Below is the user section in original config:
user admin
password YhCcqAjPWrbgsTODcbP.vk hash2
access console ftp snmp
no home-directory
no restricted-to-home
console
no login-exec
no cannot-change-password
no new-password-at-login
member administrative
exit

I went back to config.cfg, using vi, searched and replaced "no new-password-at-login" with "new-password-at-login" then saved and rebooted.
I was hoping that the router would ask me to enter my new password at login but that did not work either.
Any idea what else I can try?

Thanks,
Cevo

[mivens]

Using vi have you tried changing the password line in the config to just

Code: Select all

 password Apple123

i.e. enter the cleartext, not the hash?

[cevo]

Thanks for the suggestion mivens,

I tried Apple123 and "Apple123".
Rebooted, did NOT interrupt the boot. Tried admin/Apple123 but login failed.
I tried admin/admin and I was able to log in, I was not expecting that (as if I interrupted the boot).
Now, "admin# display-config" output is identical to the one when I interrupted the boot and logged in admin/admin.

user "admin"
password Apple123
access console ftp snmp
no home-directory
no restricted-to-home
console
no login-exec
no cannot-change-password
new-password-at-login
member "administrative"
exit


user "admin"
password "Apple123"
access console ftp snmp
no home-directory
no restricted-to-home
console
no login-exec
no cannot-change-password
new-password-at-login
member "administrative"
exit

Thanks,
Cevo

[bmccloskey]

You're on the right track. You'll need a console cable and an ethernet cable to do this. Restart the router, interrupt the boot sequence and when it asks for config location type none. This will boot the device to a blank config. Now you need to configure the router with ftp-server ->configure->system->security->ftp-server as well as ->configure->system->security->user "admin" access ftp console. Configure an port->ethernet->access->network. Now configure an interface on the router with a private ip address such as 192.168.1.10/24 port 1/1/*. Set your computer ethernet adapter with an IP address in the same subnet range you created on the router interface. Use ftp to "get" your old config off of the router. Now you will need to edit the config file where it says "password" delete the hash and put in your desired password so password Apple123. Use ftp to "put" the config back on the router. Now you'll have to edit the bof.cfg. Add to your bof primary-config cf3:\config.cfg and save. Exit bof and do and admin reboot. When your router restarts you will be able to use the new password. If you have a 7705 with multiple CF cards or CPM cards you'll have to unseat the non active CPM. Hope it works for you.