Hack ShoreTel to Make Yourself the System Administrator?

I don't know how many times I have had a client tell me that there IT guy quit and they do not know the password to the ShoreWare Director.     Passwords are encrypted to it is way to much effort to read the database, find the user and then run some funny program to recover the password.  Why bother?  If you have a "plain vanilla" user who has a password you know, you are done!   By now I assume you have followed the DrVoIP recurring recommendation to get SQLyog installed on your ShoreTel server?

Here is what you need to do.  First, connect to the ShoreTel MySQL database with a utility like SQLyog.   Find the TABLE for USERS.   This contains all of the attributes that define a user, including one name ROLE ID.   This will be a column  within the USER TABLE similar to any other column like name and extension number.   Find a user that you know the password for.  Scroll through the database on the row for that user and find the column for "ROLE ID, change it from NULL (e.g. plan vanilla user) to the integer number 1, and you have just made that user a System Administrator with God Level privileges!   Save the change log out of the ShoreTel MySQL database.  Bring up ShoreWare Director and log in as the user who's password you know.  You will find that you are now a full System Administrator and you can add yourself as a System Administrator and change the other user back to plain vanilla.

You might need ShoreTel Support or CISCO Support, visit https://www.drvoip.com/.

This is a great strategy, simple and easy to accomplish.  The video clip demonstrates just how to do it! -DrVoIP
 

http://www.youtube.com/watch?v=bBD9G3qWWDY

Listed below are links to sites that reference Hack ShoreTel to Make Yourself the System Administrator?:

Around TMCnet:

About this Entry

This page contains a single entry by Peter Buswell (aka DrVoIP) published on July 24, 2009 7:50 PM.

Where is the ShoreTel Query File? was the previous entry in this blog.

V Switch Schedule does not Change Automated Attendant? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Around TMCnet Blogs

Latest Whitepapers

TMCnet Videos