How To Crack Sonicwall Firewall Password !NEW!
Tanesha Prately
So something very annoying happened. I was changing the password for the built-in administrator account. It accepted the change but now neither the old or the new password work. Looks like dashes in the password are not allowed but the appliance doesn't warn about this. So I'm locked out of the built-in account.
I have another user account that is part of the "Sonicwall administrators" group and I can access the appliance through SSH with this account. Is there any way to reset the built-in admin password through this account either through SSH or the local ESXi console? The command "admin password" requires the old password but neither one works. I guess the new password is mangled because of the dashes in the password, but no idea what it could be now.
If it's not possible I have the tedious work of factory reset and re-configuration to be done in the future. Luckily I have a a conf backup from last night but there are lots of changes made since then. From the CLI I can perhaps output the recent changes from this other account.
I think I remember this happening previously with SSL-VPN where after changing the password in Mobile Connect the new password wasn't accepted. The appliance probably mangles or normalizes the dashes/hyphens somehow to a format that isn't recognized from the input afterwards.
I tried the password with hyphens, dashes, underscores, forward slashes and whatever the third dash-like character is called that is on the standard keyboard layout. None worked but I wonder if it would work if I knew what the appliance thinks the character is or how it normalizes it during input and hashing.
SonicOS really should validate the input better and not allow this. I just generated a new password from password manager without thinking any further and SonicOS didn't give any error about invalid input.
I think the same can happen with a physical appliance, at least with SSL-VPN users when they change their password in Mobile Connect. Hyphens/dashes at least seem to be the issue, not sure if other special characters cause the issue.
I tried changing the password throught the CLI in both "user local" and "admin password" sections but I guess "user local" can't be used to reset the primary admin account and the other command requires the old password.
In the end I had to factory reset and import the configuration back. Luckily I had a secondary admin account that enabled me to export the latest configuration. If you don't have that I guess you are out of luck unless support has some trick to try,
So how did you know it was the dashes? I do happen to have a dash in the new password. so it kinda makes sense but i talk to a sonic engineer who said not aware of forbidden characters in password for sonicwall firewall.
@geevo It's just my hunch that the dashes are the reason, as I think they were the only special character in the password. I've also seen a similar problem with SSL-VPN where the password change isn't successful and if I remember it correctly that was also caused by a dash.
The password meets the requirements but adding a dash seems to confuse it to not accept it. I tested with both Mobile Connect on macOS and NetExtender on Windows. I suspect this same problem affects the primary admin account but the new password isn't rejected like with SSL-VPN and the password is stored in some corrupted form.
Unfortunately the default password was changed but no one has the password. We are installing a new VoIP provider and need to whitelist a few IP addresses and ports but don't want to clear out any existing settings by resetting to the factory default.
I saved a copy of the current settings / firmware in SafeMode. If I select to reboot with the factory default, will I be able to log into the firewall and restore the current settings from SafeMode while keeping the default password? Or will that restore the current password too?
@BWC Does this really work? I don't think I've ever exported the settings through Safe Mode and I've assumed that the settings can't be exported without knowing the current password as a security feature.
@SonicAdmin80 hmm you got me thinking, but @RooibosGreen got the config exported in Safe Mode and if we follow the usual "logic" and import a config to a factory reset appliance it should end up in having the default password with a running config.
@BWC On most networking appliances you need to know the admin password to export settings, but I haven't done the export in Safe Mode on a SonicWall, so can't be sure. If it's possible it's a bit of a security hole although user passwords aren't in a readable form and the built-in admin password isn't included.
Could it be that in Safe Mode the settings export actually exports the default configuration, or are you certain it exports the user config? If that's the case I must make a note as this could come in handy.
@SonicAdmin80 I can't say for sure, it seems in Gen7 there is no export config option in Safe Mode according to the KB article. I assumed it was possible in the way @RooibosGreen described it. I checked on an older appliance and there was indeed no configuration export option in Safe mode, maybe the Download Firmware option got confused with it?
@BWC I usually start configuring a new appliance after resetting it to factory defaults and updating the firmware through Safe Mode, but I can't remember the options either. But sounded odd that exporting settings without a password would be allowed in Safe Mode. I still haven't used Gen 7 devices much so don't know all the options there, except to be careful not to wipe the whole OS.
As an aside, I noticed both files have the same size and got to wondering whether changing settings would have changed the file sizes, too, such as adding whitelisted IPs, etc? Perhaps there weren't many changes made to default settings?
Do any of these devices have their VPN server setup? If so and they are using local user accounts (SonicWALL local user accounts) to access the VPN server try the user name and password for those VPN accounts to log into the SonicWALL.
I do not have a backup and the previous IT support does not have a backup which means I will have to reset to default and reconfigure all of them. The old one might have expired licenses, will I lose the firewall functionality when I reset that one? Thanks for your help guys.
Some things are too cool not to share. I've recently published articles about how to authenticate into network hardware using RADIUS + TOTP multi-factor authentication (MFA). It works by appending a code to your password after comma, i.e., "Password,12345." This method of authentication is best used on private networks or over a VPN, along with monitoring. The advantage is not having to share and manage a single set of local credentials, which is important if someone leaves the IT department. This configuration is now even easier with the inclusion of Push MFA, which eliminates the step of typing the extra code.
Combining RADIUS with MFA with previously only possible using EAP/TLS, which transmits passwords over cleartext. You'll soon be able to opt for CHAP/CHAP2, which is somewhat more secure given the shared secret is always encrypted. This video is an overview of work that I did with an AWS EC2 instance using a SonicWall NSv firewall. Please excuse the Philly accent.
I'm trying to write a shell script (Bash) to log into a SonicWall firewall device and issue a command to perform automated backups of the devices ruleset. I prefer to do this in Bash but I will accept a python, perl, except, or applescript solution. If it cannot be done in bash please mention that.
I recommend looking at spawning "expect" sessions. Basically in your script you use expect to basically say "i expect to see password: in the response, when i do, i need to pass in the following data".
2. Enable Firewalls
Make sure firewall security features are enabled on all key devices connected to your network. Firewalls act as a gate blocking malicious traffic and preventing cyber threats from infiltrating your system.
3. Activate WPA2 Encryption
Wi-Fi Protected Access 2 (WPA2) is the most effective encryption protocol available for home wireless networks. Whenever possible, enable WPA2 encryption to ensure data transmitted over the internet is secure and encrypted.
4. Use Two-Factor Authentication
Two-factor authentication (2FA) adds an extra layer of protection to your network. It requires users to provide both username and password plus a unique code sent via a text message or email before they can access the network.
6. Disable Remote Access
Disable the remote access feature for added security. This prevents anyone from gaining access to your network from outside your network, reducing the possibility of data breaches.
Securing your Sonicwall network is essential to avoiding security breaches and the negative consequences of data leaks. A secure network is the first step to protecting your customers and their data. Here are some benefits of securing your Sonicwall network:
When you secure your Sonicwall network, you are engaging in good data security practices that reduce the risk of a security breach or data leak. Furthermore, a secure network provides customers with confidence in their security. This builds trust with your customers and allows them to use your services with confidence.
Q: What is Sonicwall?
A: Sonicwall is a network security appliance that provides organizations with encrypted access to the Internet. It is used for secure remote access and to protect networks from cyber threats.
While our SonicWall Inspector will work with firmware versions older than 6.5.4.9, version 6.5.4.9 is the only version fully supported by SonicWall, and therefore, the only version fully supported by Liongard. For best results, update your SonicWall devices to version 6.5.4.9.
If you would like to roll out the SonicWall Inspector through an On-Premises Agent, you must first install the Windows Agent on a server within the network residing behind the firewall of the SonicWall device.
7fc3f7cf58