17 Jan, 2008

Who wants ShoreTel telnet login credentials?

Posted by: Neil In: tech|web

Part of my job is administering a ShoreTel VoIP phone system that spans the entire corporation. We have three majors sites and a couple of other small branch offices… all spread across the nation.

It’s a really great system and is great to work on as far as administration of the system. I’ve found a good amount of valuable tech support using the ShoreTel support on their site, but I’ve found some equally beneficial help on shoretelforums.com. I value the help that I find on both websites. However, I recently became frustrated when searching for the default username and password for a ShoreTel switch.

I had to telnet into this particular switch to check on most likely add some ip routes. I’d done it before but did not document the login credentials I had used previously. So, I went to the place that I had found it before: shoretelforums.com. I searched for “telnet” and the first result was a post that had a link to the ShoreTel.com support document with the credentials… only this time the link was broken.

After racking my brains for a few minutes, I remembered the password and my colleague recalled the username. I thought is was sort of strange that no one on the forums site had simply posted the credentials. So, I did just that… only to find that my post had been edited and the credentials removed. Here’s what it said:

{edit: this site is open to the public, and for security reasons, I’d rather not have this password openly available. Feel free to PM it to somebody, but not post it openly. Thanks, and hopefully no hard feelings }

Sorry, but I think that’s just plain lame. No, there’s no hard feelings… but I don’t understand the logic in keeping this sort of information ‘secret’ from the public.

I help maintain a network infrastructure with Cisco and HP core switches that I believe are much higher on the importance chain than a VoIP switch. I can go to the manufactures sites for either of these and easily find the default credentials for any of their products. What makes it so important to keep this information ‘secure’ from the public.

Well, since I can’t post the credentials on the shoretelforums.com site, I’m going to post them right here on my site!

**edit**
There is a good reason that the credentials are kept from public view. If you are not familiar with working within the VxWorks CLI, then you should be cautious when using it… perhaps not even take the risk, and just contact your support vendor. Be aware that you may cause irreparable damage to the device. If you’re unsure, you should contact your ShoreTel support vendor.

Default ShoreTel VxWorks login credentials:
Username: anonymous
Password: ShoreTel

Don’t forget to enable telnet to that device before wasting your time trying to log in:
for a phone: phonectl.exe -telneton TARGET_IP_ADDRESS
for a switch: ipbxctl -telneton TARGET_IP_ADDRESS

Now, we’ll just have the interweb search monkeys go an do their voodoo… and before you know it, when you google “shoretel telnet login” or “vxworks credentials”… let’s just see if this post gets a better ranking than the forums.

When it comes down to it, if this post helps just one poor soul quicker than going through the forums or the ShoreTel site, then I’ll be happy.

Tags: , , , , ,

20 Responses to "Who wants ShoreTel telnet login credentials?"

1 | gene rodriguez

February 28th, 2008 at 8:58 am

Avatar

thank you, youve help out this poor soul!

2 | Michael mullen

February 29th, 2008 at 6:18 pm

Avatar

THIS IS AWESOME! I really needed to telnet into one of my switches.
thanks

3 | Neil

March 5th, 2008 at 4:53 pm

Avatar

It took me a while to go through my comments and approve them… looks like I’ve helped a few folks in need of help!

4 | Isidro

March 7th, 2008 at 7:14 am

Avatar

Hello, thanks for posting this however it is not working for me. I put in anonymous for the username and ShoreTel for the password and it says incorrect….. What did you mean by “Don’t forget to enable telnet to that device before wasting your time trying to log in:
phonetcl.exe -telneton TARGET_IP_ADDRESS” Where is this .exe file? Anyways thanks again

5 | Neil

March 22nd, 2008 at 4:55 pm

Avatar

Isidro… sorry for taking so long to respond, I’ve been traveling quite a bit.

You need to run that command from your Director server. Once you do that, you should be good to go.

6 | DoTell

April 4th, 2008 at 12:13 am

Avatar

I bought an IPBX-12 used and can not log into a telnet session. Is it the case that after resetting the device, it will not accept telnet authentications without being configured by Director first? It does not have a serial port? The telnet port will not accept connections until configured by software? Does vxworks have some default password like root/root or similar? Is this IPBX model a lost cause?

7 | Charles

April 6th, 2008 at 12:00 am

Avatar

Sorry you didn’t like the fact that I edited your post on ShoretelForums. Your post was the first one that I had to edit within 2 years of running the forum. I don’t work for Shoretel, and I don’t get paid to host it. I am just providing an outlet, just like you.

with that said, If you have “default” passwords running on your cisco and HP switches, then any IT savvy person could mess with them. That’s why most people change them, right? Do you have the ability to change the telnet password in Shoretel? Are you aware of the damage or information that somebody could get by logging into one of these switches.

I didn’t care if you shared it, just not publicly. The password is not hard to get, I just didn’t see the need to make it any easier.

-Charles

8 | Neil

April 11th, 2008 at 6:50 am

Avatar

@DoTell
You must first enable telnet on that device from the Director. How old is the unit?

@Charles
Thanks for posting a comment. I do appreciate your feedback. And your forums are a great source for ShoreTel support.

You are correct regarding the dangers of damaging the equipment with the ability to log into them. However, I believe that if you’re paying the money for any device, you should have the ability to work with it as you need. Keeping the credentials private seems too restrictive to me (regardless of how ‘easy’ it is to get them). I don’t agree with having to contact someone else to get access into a device that I own.

With telnet disabled on all devices, and having to manually enable it from the Director, I think that adds an extra layer of security against someone just telnetting into a voice switch randomly.

Why doesn’t ShoreTel allow that password to be changed? Why not just have telnet always enabled on all devices and have the ability to change the credentials… like most other network devices? If that was the case, I wouldn’t be typing this right now.

I’ve updated my post with a warning about potential damage that can be caused.

9 | DoTell

April 11th, 2008 at 11:00 pm

Avatar

Neil,

My suspicions are confirmed. I am looking for voip solutions and came across this older unit (IPBX-12) with some curiosity. Hosted voip is the way to go for small businesses. This Shoretel unit just proves that any tin box will cost its weight in gold in IT support. Any way, I will give the tin can one final chance. I will post the the unit’s ip address and forwarded port 5555 (or whatever). If anyone with this Director thing would be kind enough to enable the telnet I would be much obliged, otherwise thanks for you comments.

10 | Neil

April 12th, 2008 at 7:38 am

Avatar

@DoTell
Not as simple as that. The Director is a Windows server that runs on your network. Would not be possible for anyone to user their own Director to manage your switch.

You’ve got just one piece of the puzzle for a ShoreTel solution. To know the full cost, you should contact ShoreTel and have them get you in touch with a reseller.

11 | Charles

April 14th, 2008 at 11:59 pm

Avatar

I’ll clear up a misconception. Enabling telnet via the Shoretel Director Server is not the only way to enable it, it’s just that the Shoretel Server has the “ipbxctl” and “phonectl” commands loaded on them. There are utilities that have been written by dealers that give you the same functionality from any computer you like. It’s not hard to do and it’s not hard to duplicate this.

with that said, the password is out there, and since it is…no reason to stop it now. I have re-edited your original post and placed the password there. Shoretel Forums is a Support forum after all, and it’s only there to help.

Charles

12 | Duane Martz

August 12th, 2008 at 10:08 am

Avatar

You need a different commeand for a Shoretel Switch

ipbxctl -telneton XXX.XXX.XXX.XXX
login=anonymous
pw=ShoreTel

13 | Neil

August 12th, 2008 at 10:26 am

Avatar

@Duane
You are correct… I provided the -telneton command for a phone, not a switch. Thank you for the heads up, I will edit the post.

14 | tom

September 16th, 2008 at 12:05 pm

Avatar

telnet to phone returns could not open on port 23, is there a different port other than the default used for phones?

15 | Neil

September 16th, 2008 at 1:22 pm

Avatar

@tom
have you enabled telnet on the phone? at the end of the original post, it provides the command to run for doing this.

best to do this from the director.
phonectl.exe -telneton x.x.x.x

once it’s enabled, you should get a prompt to log in.

16 | Nematoad

January 28th, 2009 at 2:33 am

Avatar

I have a Shoregear-12 IPBX-12 phone switch. My Shoretel director 5.2 system cannot find it. Its also called a teleworker.

Do you know where the console port on this switch is located? Do you know how to clear its config?

MM

17 | Nematoad

January 28th, 2009 at 2:39 am

Avatar

I opened up my Shoregear-12 Teleworker and looked it over. It appears to have some rows of header pins on the circuit board. Anyone know which one is the console header, which one is the JTAG port, and which one will clear the device’s settings. Shoregear-12 is dated 1998. Very old, but still functiaonl.

Nematoad

18 | Neil

January 29th, 2009 at 10:34 am

Avatar

That is some old equipment Nematoad. I’m not familiar with the hardware on those units. Have you tried asking for help over at shoretelforums.com? Lost of helpful folks over there that may have your answer.

19 | David

April 19th, 2009 at 11:28 am

Avatar

i have an 60/12 and the phones that i would like to use is there a way to use them without the server?

or is there a way to get the 7.5 software so i can build a server

20 | Neil

May 28th, 2009 at 7:58 am

Avatar

David… sorry for the lack of response, I was out of work and looking for a new job… which I’ve found, thankfully.

Hopefully you’ve found your answer and gotten the help you need on your question. For what it’s worth, I do not believe that you can use a Shoretel switch without the director server.

Comment Form

Search


  • Linda Crawford: Awesome Christmas Card. Congratultions to Melanie on finishing Chemo. It was wonderful to see you and hope to do it again soon
  • Travis Williams: Happy Holidays Bernharts... You deserve it. This year has been one for the record books! Ho Ho Holy COW!
  • Karin: Hi Neil, I just saw this great blog and it brought so many wonderful memories back. We had sooooo much fun together !! Our Dads will always be with

Flickr PhotoStream

Calendar


Copyright © 2007 TheBernharts.com is proudly powered by WordPress

Fervens - C Theme is created by: Design Disease brought to you by Smashing Magazine