Friday, November 18, 2016

How to recover a lost BiG-IP F5 SECRET

If your familiar with a BIGIP F5, once you apply the   secret for  RADIUS or TACACS it is hash.

The quick and sure way to recover these secrets is to build a radius health check and set the debug option and  monitor the output. This is great if you have ucs config file &  with a secret that's unknown or not recorded.

The output within the  debug message will display the  text of the secret. The steps are;

1: craft a radius-health monitor and include some type of secret and enable the  'debug'





2: from the tmsh  list the radius monitor and edit the ltm monitor radius <mon-name> and replace the earlier  secret with the  hashed secret you want to decrypt.


e.g

 edit ltm monitor radius TEST







3:  From  F5 the unix bash shell find the debugged output after you have apply the  health monitor a defined pool, cat the  output and that would be your recovered secret. This works for recovering both RADIUS or TACACS secrets.





NOTE: this does not work for  users or admin  accounts, they are hashed using a one crypt function.
 The user password in the RADIUS health check will also be displayed





















Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \

No comments:

Post a Comment