Root access on Cisco Call Manager 5/6 Server

How to get Root access on Call Manager 5/6 Server

I think it is great that Cisco does not require Engineers to understand the underlying system CallManager is built on, but some of us are curious. These steps will let you to create a user on a CUCM 5/6 server with shell access and root privileges.

WARNING: This should not be performed on a Production System! I am not responsible for any destruction to production systems.

1. Boot the CUCM server with CentOS 5.1 Disk1
2. Type ‘linux rescue’ at the boot: prompt
3. Use the chroot command to change the root to the CUCM partition

Type 'chroot /mnt/sysimage'

4. Backup the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files

cp -a /etc/passwd /etc/passwd.bak
cp -a /etc/group /etc/group.bak
cp -a /etc/shadow /etc/shadow.bak
cp -a /etc/gshadow /etc/gshadow.bak

These files are protected by the ext2 immutable flag. Check to see if the immutable flag is set. If the immutable flag is set, you will see an ‘i’.

lsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow

5. Remove the immutable flag

chattr -i /etc/passwd /etc/group /etc/shadow /etc/gshadow

6. Add a new user and set a password

useradd username
passwd username

7. Add the immutable flag

chattr +i /etc/passwd /etc/group /etc/shadow /etc/gshadow

8. Add the new user to the /etc/sudoers file and give root privileges.

vi /etc/sudoers

9. Add the following line to the file to give the new user root privileges.

username All=(ALL) ALL

10. Exit Linux rescue mode
11. Login with the new account
12. Test various root level linux commands with ’sudo’ prefix, take a look at the filesystem and play around