What to do?

I came upon a new customer with FreePBX on a PC. No one knows the root password or FreePBX login information, and the original installer is out of business. This is a restaurant. Must we start from scratch? I have managed to get myself back into my own systems, but I knew the root password.

Is this a case of finding out the O/S and then googling it to find instructions?

It should be possible to reset a Linux root password if you have physical access to the machine. However, although, in principle, it isn’t that difficult, I don’t think it is something that should be detailed on a public forum.

Piece Of Cake:

TipsAndTricks/ResetRootPassword - CentOS Wiki

[HowTo] How to reset a FreePBX administrator password | FreePBX Hosting

Physical Access to the machine is the most important security measure - but if you have physical access, resetting lost ones is trivial.

It is completely public already. This is not a security risk.

Security rule #1: if they have physical access it’s over.

Supposedly it was installed in 2014. Thanks for the advice and I will let you know how it goes, if it goes.

Just to follow up, it was not a FreePBX PC. After some investigation, the PBX is a re-branded PBX appliance by Yeastar which I believe runs some sort of Asterisk, but we are locked out. Probably barking up the wrong tree here. Nonetheless no easy solution and customer isn’t too keen on rebuilding the whole setup.

You’ll need to take the hard disk out and edit it outside the machine.

It’s not clear what your relationship is to this customer but it seems like a clear opportunity to sell them something better, that you can support. They may not be keen on rebuilding the setup but I bet they would be happier about it if they knew a new FreePBX / PBXact system would be well cared for by johntgs and they won’t have another emergency like this.


Yes, that is going to be our goal. Get them on a good system with good support. I don’t believe in magic, but is there a way to somehow obtain the SIP credentials over the network for the existing 15 - 20 IP phones, or must we manually do so and then retype them into another PBX?

I don’t believe the SIP credentials are passed “in the clear” - though if this is a very old system maybe there is a chance of that? Also, I’ve found poorly set up systems tend to use the same password for all phones so you might luck out there.

Are you unable to reboot the system off of a “live Linux CD” and then go look at the files in /etc/asterisk to get this info?

If they are provisioning using a cleartext method like tftp or http then you can probably grab what you need with wireshark.

Or do as david55 said, get the disk out of the old system and mount it on a system you control, and then you can read the configs from the asterisk config files.

A slightly less dangerous option would be to pull the disk and duplicate it, then put it back. Use the duped copy for your forensics and you should be able to pull all of the information from the “/mnt” mounted file system. The advantage there is that you can do it in a more leisurely timeframe and have (as a side benefit) a backup you can use if the drive craps while you are working on the replacement.

This also gives you the advantage of being able to test everything before you get started with the “real” upgrade.


Even less disruptive if the machine boots and you have root access to it from the ‘forensic machine’:

ssh [email protected]  "dd bs=16M if=/dev/sda"|dd bs=16M of=/place/to/put/the/image.img

You can then mount the output file produced somewhere convenient.

In that image the directories etc/* var/lib/asterisk* var/spool/asterisk/* and var/lib/mysql will probably have useful breadcrumbs like asterisk’s .conf files and the asteriskdb sqlite3 file (this depending on how asterisk was deployed on the original appliance).
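As an added example (not part of the original posts): once the image is mounted read-only, a short script can inventory the SIP peers in an Asterisk `sip.conf`-style file and flag shared or short secrets, so they are rotated on the new PBX rather than retyped as-is. The sample config is constructed, the 8-character threshold is arbitrary, and the file layout on this particular appliance is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Asterisk sip.conf syntax (not from any real system).
SAMPLE_SIP_CONF = """\
[general]
context=default          ; trailing comment
[phones](!)              ; template section
type=friend
host=dynamic
secret=1234
[101](phones)
callerid="Front Desk" <101>
[102](phones)
secret=Xk9#vT2qLm8w
[103]
type=friend
secret=1234
"""

SECTION = re.compile(r"^\[([^\]]+)\]\s*(?:\(([^)]*)\))?")

def parse_peers(text):
    """Return {peer: settings} for sections that carry a secret, templates resolved."""
    sections, templates, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment (escaped ';' not handled)
        match = SECTION.match(line)
        if match:
            name, current = match.group(1), {}
            for opt in filter(None, (o.strip() for o in (match.group(2) or "").split(","))):
                if opt == "!":
                    templates.add(name)           # template: inherited from, never a peer
                else:
                    current.update(sections.get(opt, {}))
            sections[name] = current
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)       # also accepts 'key => value'
            current[key.strip()] = value.lstrip(">").strip()
    return {n: s for n, s in sections.items() if n not in templates and "secret" in s}

def audit(peers, min_len=8):
    """Return (groups of peers sharing a secret, peers with short or all-digit secrets)."""
    by_secret = defaultdict(list)
    for name, cfg in peers.items():
        by_secret[cfg["secret"]].append(name)
    reused = sorted(sorted(names) for names in by_secret.values() if len(names) > 1)
    weak = sorted(n for n, c in peers.items() if len(c["secret"]) < min_len or c["secret"].isdigit())
    return reused, weak

if __name__ == "__main__":
    reused, weak = audit(parse_peers(SAMPLE_SIP_CONF))
    print("shared secrets:", reused)   # peer names only; secrets are never printed
    print("weak secrets:", weak)
```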

The genesis of the problem was no ‘root’ and no ‘freepbx’ password. I think he’s pretty well jammed up unless he can get access to the hardware, but once he does, there are lots of ways ahead.

There I was thinking the server was physically available to him. (It would be hard to “pull” the physical drive otherwise :) )

He has no root access. And yeah, he was told to go onsite and use single user mode to recover root access.

Then I suggest he take his laptop and an RJ45 as well as his screwdriver (maybe a monitor and keyboard if the appliance has those holes; add a USB-to-serial adapter if it doesn’t).

All great ideas. Thank you for your input.
