I have a group of network devices I need to get credentials for, NCM knows the credentials as it backs up the devices every night, is it possible to decrypt the stored credentials?
I don't believe it to be possible to decrypt the password stored in the Solarwinds database. However, there are a couple other approaches you could take.
#1)
If you have the devices SNMP RW community, get out your Solarwinds Engineers toolkit and using the "Config Viewer" you can change the password, or if its unencrypted on the router you can view it. If it's a type-7 password you can use a webpage like this to decrypt it from the config on the router (Cisco Type 7 Reverser - PacketLife.net)
#2)
This one is a bit trickier, but if Orion is using telnet to get to the devices rather than SSH, you can intercept the password. Just use wireshark on your Orion server and tell it to go download a config while your monitoring traffic. The password will be sent in plain-text.
#3)
If the devices are older versions of IOS, there are known ways to get in and configure them via HTTP. You can find it on the internet fairly easy. Slide 3 on this PPT gives you the basics, if I remember right there is a bit of tweaking you might have to do... www.blackhat.com/presentations/bh-usa-02/bh-us-02-akin-cisco/bh-us-02-akin-cisco.ppt
HTH!
Thats what I was afraid of, thanks for the information.
As above, it can be difficult to obtain the existing credentials password.
If the credentials NCM is using to grab the configuration has a high enough privilege level, you could use NCM to run a script on the device to add new credentials.
