SBS 2003 has lost its CAL’s (Client Access Licenses reset to 5)

KB ID 0000339

Problem

Been a while since I’ve seen this one, and strangely I didn’t document it. so when I was asked this morning I searched here on PeteNetLive, and In my personal database of solutions but the cupboard was bare.

Solution

1. Before you do anything make sure your SBS has plenty of space on the hard drive, simply running out of room on the system drive can cause SBS to lose its licences, make sure this is not your problem.

2. If you have plenty of room, then click Start > Run > services.msc {enter}. Locate the Licence Logging service > Right Click > Stop.

3. Locate the licstr.cpa file (it’s in C:windowssystem32 by default) > Rename it to licstr.OLD.

4. Locate the autolicstr.cpa (Should be in the same folder) and COPY it to your desktop to create a backup, Then rename the original to licstr.cpa

5. Back in the services console restart the “Licence Logging Service”.

6. Your licences should now be back in place.

7. Finally, you will notice there’s an option in the Licensing console to back up your licences, now would be a good time, to avoid having to do this again.

 

Related Articles, References, Credits, or External Links

NA

Exchange – Delete and Recreate the PowerShell Virtual Directory

KB ID 0000700 

Problem

One of the big drawbacks of Exchange management being built on PowerShell, and it talking to the PowerShell virtual director is, when IIS has a problem, you can’t manage your Exchange via the command shell, or the Exchange Management Console.

While trying to fix a problem last week I wanted to remove and recreate the PowerShell virtual directory, and I found the PowerShell command, but no working examples for the correct syntax.

Solution

1. Remember your Exchange Management Shell won’t work, so load the Windows Powershell Modules shell. (Note: You will find this one under Administrative tools, NOT the one on the taskbar).

2. To remove the PowerShell virtual directory from the default web site;

[box]
Remove-PowerShellVirtualDirectory “Powershell (Default Web Site)”
[/box]

3. Confirm by pressing A {enter}.

4. To recreate the PowerShell virtual directory;

[box]New-PowerShellVirtualDirectory -Name Powershell -RequireSSL:$False [/box]

5. You can restart the web services with the following command;

[box]
iisreset /noforce
[/box]

 

Related Articles, References, Credits, or External Links

Original article written 22/12/12

GNS3 – Routers Lose their Certificates When Restarted

KB ID 0000955 

Problem

I was doing some work with PKI and routers today, and after spending ages enrolling all my routers for certificates, I thought I’d save my hard work and return to it later. When I started the project up again, I was less than happy all the devices certificates had ‘Disappeared’!

Solution

This is default behavior, to change this select Edit > Preferences > Dynamips > Locate ‘Automatically clean the working directory’ and DESELECT it > Apply >OK.

Related Articles, References, Credits, or External Links

NA

Cisco – Cracking and Decrypting Passwords (Type 7 and Type 5)

KB ID 0000940 

Problem

Decrypt Type 7 Cisco Passwords

The Internet is full of sites that have something like the tool below, tap your ‘encrypted’ password in and it will reveal the Cisco password.

 

Input Type 7 Obfuscated Password: Output Plain Text Password:

As you can see I’ve specifically written ‘obfuscated’ above, because the password isn’t actually encrypted at all. All that happens is the Vigenere algorithm is used to obfuscate the password. While tools like the one above are all well and good, your Cisco router will do exactly the same for you, to demonstrate, paste the following into the tool above.

107D1C09560521580F16693F14082026351C1512

Hopefully you will get the password Sup3rS3cr#tP@ssword.

Your router can also convert that to clear text for you;

[box]

Petes-Router#
Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#key chain decrypt
Petes-Router(config-keychain)#key 0
Petes-Router(config-keychain-key)#key-string 7 107D1C09560521580F16693F14082026351C1512
Petes-Router(config-keychain-key)#exit
Petes-Router(config-keychain)#exit
Petes-Router(config)#exit
Petes-Router#
*Mar 1 00:04:48.691: %SYS-5-CONFIG_I: Configured from console by console
Petes-Router#show key chain decrypt
Key-chain decrypt:
key 0 -- text "Sup3rS3cr#tP@ssword"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#no key chain decrypt

[/box]

So whats the point of these type 7 passwords? Well the only real benefit of them is if someone is looking over your shoulder while you are looking at the config, they can’t see actual passwords in the config.

The passwords in my config are in clear text? That’s because there are three levels of password storage 0 (not encrypted), 7 (weakly encrypted), and (5 strongly encrypted). If you want to convert your config to display them as 7 you need to enter the service password-encryption command;

[box]

Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#service password-encryption
Petes-Router(config)#

Before

username pete password 0 Password123

After

username pete password 7 142713181F13253920796166

[/box]

If Type 7 passwords are so weak, how do I use Type 5 passwords? When creating accounts use the secret command like so;

[box]

Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#username petelong secret Password123
Petes-Router(config)#

Displays in the config as;

username petelong secret 5 $1$VkQd$Vma3sR7B1LL.v5lgy1NYc/

[/box]

Decrypting Type 5 Cisco Passwords

 

Decrypting a Type 5 Cisco password is an entirely different ball game, they are considered ‘secure’ because they are ‘salted’ (have some random text added to the password to create an MD5 hash) however that random salt is shown in the config.

[box]

username attackme secret 5 $1$TMnL$iAFs16ZXx7x18vR1DeIp6/

[/box]

Well armed with the salt and the hash, we can use exactly the same method that Cisco use to create the encrypted password, by brute force attacking the password, this might sound like a difficult piece of hacking ninja skill, but we simply use openssl on a Linux box (here I’m using CentOS 6.5), all you need is a wordlist.txt file (search the Internet).

Feed openssl the salt, and a piece of the hash (see the example above), and it will run through, (grep) the wordlist until it finds a match, where it spits out the decrypted password an the original hash like so;

[box]

[root@pnl-server1 ~]# openssl passwd -1 -salt TMnL -table -in wordlist.txt | grep 8vR1DeIp6
SECRETPASSWORD $1$TMnL$iAFs16ZXx7x18vR1DeIp6/
[root@pnl-server1 ~]#

[/box]

The decrypted password is SECRETPASSWORD

Note: The limitation here is the password has to be in the wordlist.txt file,but if you are adept at searching the Internet there are some impressive wordlist files out there, just make sure you use one that has full line breaks. Also remember, the longer the wordlist, the longer it takes.

Related Articles, References, Credits, or External Links

NA