Attached to this post is a simple script which connects over either Telnet or SSH to a list of devices and resets the enable password, local password for the vty lines, and the console password. The script will login either with a username/password pair or with just a password. The script is setup to work with Cisco IOS devices, but customizing it for CatOS or some other vendor would not be difficult.
SecureCRT has a handy automation API which lets you build on the protocol support in it to automate tasks over the protocols it supports. As a Windows user, I don't have things like Perl or an Expect shell readily available, but, I do have SecureCRT and VBScript. I wasn't able to find much in the way of samples for this particular SecureCRT feature aside from the manufacturer's webpage, so I thought I would share one I made.
There are a series of constants at the top of the file where the applicable credentials should be specified. The devices.txt path is set to c:\scripts\devices.txt. You can modify this to your liking.
The syntax for each line in the devices.txt is:
Hostname;IPOrFQDN;Protocol
Hostname isn't actually used, but it's there if you want to add logging or something like that.
Protocol can be Telnet, SSH1, or SSH2.
The script and a sample devices.txt is attached in the zip below. The usual bit applies - it's not my fault if something breaks. I've used this several times to mass change passwords and had it work every time, but I offer no guarantees. Enjoy.
UPDATE - Script download link: http://www.briandesmond.com/blog-attachments/changerouterpasswords.zip
Comments, Trackbacks, & Pingbacks
#1 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Friday, October 06 2006 7:21 AM by M van Mierlo#2 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Friday, December 22 2006 4:13 PM by dummyThanks for the script. I modified the script a little and it works for none cisco device. By the way, this is not stand alone vb script and you need to run it from SecureCRT:
# $language = "VBScript"
# $interface = "1.0"
'==========================================================================
' NAME: Cisco Password Changer
' AUTHOR: Brian Desmond
' DATE : 2/22/2006
' UPDATED: 9/4/2006 - Added password only detection
'==========================================================================
Sub Main
Const username = "aaaaaa" ' Username to use for login
Const password = "xxxxxx" ' Password for corresponding user
Const loginPass = "xxxxxx" ' Password to use for password only login (aka no aaa new-model)
Const newUserPass = "newpaswd" ' New Enable password to set
Const DEVICE_FILE_PATH = "c:\scripts\Devices.txt"
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
Dim fil
Set fil = fso.OpenTextFile(DEVICE_FILE_PATH)
Dim ip
Dim name
Dim protocol
Dim line
Dim cnxnString
While Not fil.AtEndOfStream
line = fil.ReadLine
name = Split(line, ";")(0)
ip = Split(line, ";")(1)
protocol = Split(line, ";")(2)
Select Case protocol
Case "Telnet"
cnxnString = "/TELNET " & ip & " 23"
Case "SSH2"
cnxnString = "/SSH2 /L " & username & " /PASSWORD " & password & " /C 3DES /M MD5 " & ip
Case "SSH1"
cnxnString = "/SSH1 /L " & username & " /PASSWORD " & password & " /C 3DES /M MD5 " & ip
End Select
' Connect
crt.Screen.Synchronous = True
crt.Session.Connect cnxnString
If protocol = "Telnet" Then
Dim index
index = crt.Screen.WaitForStrings("Username:", "Password:")
If index = 1 Then
crt.Screen.Send username & vbCr
crt.Screen.WaitForString "Password:"
crt.Screen.Send password & vbCr
Elseif index = 2 Then
crt.Screen.Send loginPass & vbCr
End If
End If
crt.Screen.WaitForString "#"
crt.Screen.Send "config " & vbCr
crt.Screen.WaitForString "(config)#"
crt.Screen.Send "first conmmand to enter" & vbCr
crt.Screen.WaitForString "(config)#"
crt.Screen.Send "second command to enter" & vbCr
crt.Screen.WaitForString "(config)#"
'Repeat above two lines if you need more
' Save
crt.Screen.Send "end" & vbCr
crt.Screen.WaitForString "#"
crt.Screen.Send "copy run start" & vbCr
crt.Screen.WaitForString ":"
crt.Screen.Send vbCr
crt.Screen.WaitForString "#"
crt.Screen.Synchronous = False
crt.Session.Disconnect
Wend
fil.Close
End Sub
#3 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Saturday, April 21 2007 9:54 AM by OzzieIs it possible to save a cisco image in the flash memory using SecureCRT?
thank you.
#4 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Wednesday, August 27 2008 6:27 PM by JoMoMoFoVery Nice!!! I have been looking for this for a while... Thanks a million!
#5 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Tuesday, December 16 2008 4:39 PM by borjaI easy vbs that help me to do redundant jobs.
# $language = "VBScript"
# $interface = "1.0"
==========================================================================
' NAME: Save configuration in a dynamic log file
' AUTHOR: Borja Ramos
' DATE : 12/16/2008
' Comment:
' This easy script saves the runing config in a textfile in c:\temp\"ip".txt
' you have to create a file with the IPs line by line in c:\temp\devices.txt
' If you follow it, you´ll see that is easy to modify it to do any other funciont
'==========================================================================
Sub Main
Const DEVICE_FILE_PATH = "c:\temp\device.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fil = fso.OpenTextFile(DEVICE_FILE_PATH)
While Not fil.AtEndOfStream
ip = fil.ReadLine
cnxnString = "/TELNET " & ip
crt.Session.Connect cnxnString
crt.Screen.Synchronous = True
crt.Screen.WaitForString "assword:"
crt.Screen.Send "follipiso" & vbCr
crt.Screen.WaitForString ">"
crt.Screen.Send "ena" & vbCr
crt.Screen.WaitForString "assword:"
crt.Screen.Send "follipiso" & vbCr
crt.Screen.WaitForString "#"
crt.Screen.Send "terminal length 0" & vbCr
crt.Screen.WaitForString "#"
Dim logfile
logfile = ("C:\temp\" & ip & ".txt")
crt.Session.LogFileName = logfile
crt.Session.Log True
crt.Screen.Send "show run" & vbCr
crt.Screen.WaitForString "#"
crt.Session.Log False
crt.Session.Disconnect
wend
crt.Screen.Synchronous = False
End Sub
#6 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Thursday, April 02 2009 9:17 AM by RK PrabhuI have modified the Script to take backup of Running & Start Up config. But its giving me an error on the Line no 96.
===============================================================================================================================================================
# $language = "VBScript"
# $interface = "1.0"
'==========================================================================
' NAME: Cisco Config Backup (Running & StartUp)
'==========================================================================
Sub Main
Const username = "admin" ' Username to use for login
Const password = "password123" ' Password for corresponding user
Const loginPass = "password123" ' Password to use for password only login (aka no aaa new-model)
Const tftp = "172.25.131.32" ' Tftp Host IP Address
Const DEVICE_FILE_PATH = "c:\scripts\devices.txt"
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
Dim fil
Set fil = fso.OpenTextFile(DEVICE_FILE_PATH)
Dim ip
Dim name
Dim protocol
Dim line
Dim cnxnString
While Not fil.AtEndOfStream
line = fil.ReadLine
name = Split(line, ";")(0)
ip = Split(line, ";")(1)
protocol = Split(line, ";")(2)
Select Case protocol
Case "Telnet"
cnxnString = "/TELNET " & ip & " 23"
Case "SSH2"
cnxnString = "/SSH2 /L " & username & " /PASSWORD " & password & " /C 3DES /M MD5 " & ip
Case "SSH1"
cnxnString = "/SSH1 /L " & username & " /PASSWORD " & password & " /C 3DES /M MD5 " & ip
End Select
' <========== Connect & Login ==========>
crt.Screen.Synchronous = True
crt.Session.Connect cnxnString
If protocol = "Telnet" Then
Dim index
index = crt.Screen.WaitForStrings("Username:", "Password:")
If index = 1 Then
crt.Screen.Send username & vbCr
crt.Screen.WaitForString "Password:"
crt.Screen.Send password & vbCr
Else If index = 2 Then
crt.Screen.Send loginPass & vbCr
End If
End If
' <========== Enable These lines if Device Requires Enable Password ==========>
' crt.Screen.WaitForString ">"
' crt.Screen.Send "en" & vbCr
' crt.Screen.WaitForString "Password:"
' crt.Screen.Send oldEnablePass & vbCr
' <========== Config Changes ==========>
crt.Screen.WaitForString "#"
' Copy Running Config
crt.Screen.Send "copy running-config tftp://" & tftp & vbCr
crt.Screen.Send tftp & vbCr
crt.Screen.Send name & ip & "running-config" & vbCr
crt.Screen.WaitForString "#"
' Copy Startup Config
crt.Screen.Send "copy startup-config tftp://" & tftp & vbCr
crt.Screen.Send tftp & vbCr
crt.Screen.Send name & ip & "startup-config" & vbCr
crt.Screen.WaitForString "#"
crt.Screen.Synchronous = False
crt.Session.Disconnect
Wend
fil.Close
End Sub
===============================================================================================================================================================
When i try to run this script it says :
Error : Expected Statement
Line : 93
Wend
A
#7 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Tuesday, April 21 2009 3:14 PM by byjuI tried these scripts but it gives me error for Wend statement as mentioned by Prabhu
#8 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Wednesday, February 17 2010 8:50 AM by EikeThanks for the Script. I used this to fit my rquirements and changed some lines now its perfect.
You can see them on blogglob.de/.../index.php
Thanks again!
Eike
#9 re: SecureCRT Script for Mass Changing Cisco Switch/Router Passwords
Tuesday, June 01 2010 5:01 AM by dddThanks so much !
Thanks for this one, although i'm actually looking for a simple CLI script for windows ( as my VBS skills are really bad ) i think this will the sollution for my automation needs with my IOS devices.
Only need to work on my VBS skills now :-)