Monday, January 20, 2014

How to recover a FortiMail "admin" account

The FortiMail device has some limitations on the account named "admin":
  • you can't delete it
  • you can't change its password or any details of the account unless you're actually logged in as the user "admin"

In this post, I will show you one simple means of changing the "admin" account login if you happen to have forgotten this user's password. It does not require a reboot and is quite simple to do.

Step 1: Download the configuration file by doing a backup

Maintenance > System

Step 2: Open the cfg in Unix "vi" or a text editor of your choice

Open the config file in a text editor like vi or vim and go down to the "config system admin" section

Step 3: Change the ENC hashed string to that of a known user password

Here I'm using my account "kfelix" string and replacing the admin ENC string with mine.

Step 4: Restore the newly modified config with the replaced hashed string

Maintenance > System

Now you can log in as "admin", and you will find that the device has not been reloaded.

The above process will work for any FortiMail device, as long as you have at least one super_admin user installed.
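
Steps 2 and 3 as a script, as an added example that is not part of the original post: it finds the "config system admin" section of a backup and copies a known account's ENC string onto "admin", touching no other line. The layout of SAMPLE_CFG, the placeholder ENC values and the function name copy_admin_hash are assumptions; check them against your own backup file before using it.

```python
import re

# Constructed sample. The edit/set/next/end layout is an assumption modelled
# on Fortinet-style CLI backups; the ENC values are placeholders, not hashes.
SAMPLE_CFG = """\
config system global
    set hostname "fml-lab"
end
config system admin
    edit "admin"
        set password ENC PLACEHOLDER-ADMIN-HASH
    next
    edit "kfelix"
        set password ENC PLACEHOLDER-KFELIX-HASH
    next
end
"""

EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
PASS_RE = re.compile(r'^(\s*set\s+password\s+ENC\s+)(\S+)\s*$')


def copy_admin_hash(cfg_text, donor, target="admin"):
    """Return cfg_text with target's ENC string replaced by donor's."""
    lines = cfg_text.splitlines()
    in_section, user, found = False, None, {}
    for i, line in enumerate(lines):
        s = line.strip()
        if s == "config system admin":
            in_section = True
        elif in_section and s == "end":      # section closed; stop scanning
            break
        elif in_section and s == "next":     # end of one account entry
            user = None
        elif in_section and (m := EDIT_RE.match(line)):
            user = m.group(1)
        elif in_section and user and (m := PASS_RE.match(line)):
            found[user] = (i, m.group(1), m.group(2))  # line no, prefix, hash
    for name in (donor, target):
        if name not in found:
            raise ValueError(f"no ENC password line for {name!r}")
    idx, prefix, _ = found[target]
    lines[idx] = prefix + found[donor][2]    # only the target's line changes
    return "\n".join(lines) + "\n"
```

After the restore, log in as "admin" and set a new password so the two accounts stop sharing one ENC string; the backup file holds every admin's ENC string, so store it as you would any credential file.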

Note: Any super_admin user can change or delete any other account, except "admin".

Depending on model and OS, you will get one of these 2 error messages if you try to change any part of the "admin" account and you are NOT logged in as "admin"

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   ?   ?  )=
       /     \
