Changing Ubiquiti Radio password from Command Line

Posted on April 4, 2025 by admin

Most configuration changes to Ubiquiti radios can be done on the command line by modifing them in /tmp/system.cfg and then applying the configuration. The device password is a little more complicated. The password is in the system.cfg config file, but it is hashed. To change the password, we must change the password via ssh, then update the config password hash to match the hash in /etc/passwd.

We’ll cover two ways to update the password for a Ubiquiti radio. The first method uses the UBNTMOD script. The second shows a more hands on approach.

Method 1: Using the UBNTMOD script.

Download the UBNTMOD script and make it executable.

wget http://incredigeek.com/home/downloads/ubntmod/ubntmod.sh
chmod u+x ubntmod.sh
./ubntmod.sh -y 'ubnt,ubnt' -p 'newpassword' -i 192.168.1.20 -z

-y is the current username and password pair
-p is the new password
-i is the radio IP
-z saves the changes without rebooting.

Method 2: Changing password over SSH

To change the password we need to:

SSH to the radio
Change the current password with passwd
Copy the hash from /etc/passwd to /tmp/system.cfg
Save changes with /usr/etc/rc.d/rc.softrestart save

SSH into radio

ssh ubnt@192.168.1.20

Change the Password with passwd

passwd is the default utility to change the password for a user. Simply run passwd and follow the prompts

Example:

XW.v6.1.12# passwd
Changing password for ubnt
New password: <-- Enter password here
Retype password: <-- Reenter password here
Password for ubnt changed by ubnt
XW.v6.1.12#

ℹ️Once you change the password with passwd, the password will change, but it wont be permanently saved until we copy the hash and then apply the change.

Copy Password hash to system.cfg

We can get the new password hash with

cat /etc/passwd

Example output:

admin:$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21:0:0:Administrator:/etc/persistent:/bin/sh

The section between the first and second colon, i.e., the two dots, “:”, is our hashed password. This is what we need to copy into the system.cfg config.

Edit the config file

vi /tmp/system.cfg

Find the line that starts with users.1.password= and replace everything after the equals sign with our new hash. For example:

users.1.password=$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21

ℹ️VI can be a little tricky to deal with, you can hit i, to enter insert mode, delete everything after the =, and then right click with your mouse to paste in the password hash.

Apply the new Password Permanently

Save the changes with /usr/etc/rc.d/rc.softrestart save command.

XW.v6.1.12# /usr/etc/rc.d/rc.softrestart save 
--- /tmp/.running.cfg.919
+++ /tmp/.system.cfg.919
@@ -81,7 +81,7 @@
 system.cfg.version=65546
 system.eirp.status=disabled
 users.1.name=ubnt
-users.1.password=$1$5FJMj2H$FbkP6UAb8yvfES0NUbPpzbQ <- Old Password Hash
+users.1.password=$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21 <- New Password Hash
 users.1.status=enabled
 users.status=enabled
 wireless.1.addmtikie=enabled
Fast users script build Success.
Fixup Startup_list …Done.
XW.v6.1.12#

ℹ️Your existing ssh connection should stay connected which can be handy if something did not work correctly. Launch another terminal, or log in the web interface, to verify that the new password works.

Can’t log into NixOS after Install!

Posted on January 11, 2024 by admin

You thought everything went well with your NixOS install, you reboot, enter your username and password, and bam! Login incorrect.

Okay, try it again.

Hmm…

Let’s try root. Nope, same thing…

If you don’t enter the password in correctly for root at the end of an installation, there will not be a root password, hence you can not log in.

Best way to keep this from happening is to make sure the password is set up before rebooting.

If you are one of those unfortunate souls who entered the wrong root password and missed the warning at the end of the installation

Try the following.

nixos-enter --root '/mnt'

Note: If you already rebooted, boot up on the minimum USB drive, mount the root partition, then run the nixos-enter command.

mount /dev/disk/by-label/nixos /mnt
nixos-enter --root '/mnt'

passwd to set the root password. You can also set your user password with

passwd username

Change username to your username.

Reboot and login!

Simple method to Encrypt/Decrypt Zip files on Windows

Posted on December 28, 2023 by admin

Unfortunately, encrypting a file on Windows with a simple password is not super simple. While Windows does now support other compression formats (RAR, 7-Zip) it does not support encryption for them.

Currently, Windows natively supports the ZipCrypto algorithm. No AES. Note that the ZipCrypto algorithm is not considered secure, and shouldn’t be used for highly confidential data.

The following method, you will need 7-Zip to create the archive, but you won’t need it for decryption as Windows has built in support for ZipCrypto decryption.

To create the archive, you will need 7-Zip installed. Right click on your file/folder -> 7-Zip -> Add to Archive.

You should be presented with a similar window.

Change Archive format to zip
Enter the password
Ensure that the Encryption method is ZipCrypto
Hit OK to create the Archive.

You can now transfer the password protected archive to a new machine. You’ll be prompted for the password when you extract the archive.

How to Create a Preshared Key for Wireguard

Posted on June 6, 2023 by admin

You may have encountered a Mikrotik error when trying to create preshared key

Couldn't change wireguard peer<> - invalid preshared key (6)

This is because a Wireguard preshared key needs to be 256bit (32 byte) base64 encoded key. We have a couple different ways we can generate the correct format.

1. Use Openssl to generate a random 32 byte password

openssl rand 32 | base64

2. Create a 31 character password and base64 encode it

echo Thisisthepassword31characterslo | base64
VGhpc2lzdGhlcGFzc3dvcmQzMWNoYXJhY3RlcnNsbwo=

Now we can take this and add it to our config. The config option is

PresharedKey = VGhpc2lzdGhlcGFzc3dvcmQzMWNoYXJhY3RlcnNsbwo=

https://www.wireguard.com/papers/wireguard.pdf

https://forum.mikrotik.com/viewtopic.php?t=184469

Reset WordPress Admin user Password from phpMyAdmin

Posted on May 8, 2023 by admin

After logging into phpMyAdmin, find the users table.

You should see the admin user in it.

Click edit. Under the user_pass line, change the Function to md5 and the Value to your new password.

Hit Go to run the insert command. Now you should be good to log in.

Recover Password out of FileZillla Site Manager

Posted on March 13, 2023 by admin

Open up FileZilla, for to the Site Manager, right click on the entry you want, and export it. This will export all the settings for the site(s).

Once exported, open the XML file. Look for the Pass encoding field. Copy the base64 encoded password. Its the text highlighted in yellow. Yours should be longer.

Decode base64 encoded password. We can do this using the built in linux base64 utility. You can use also use python.

echo -n dWJudA== | base64 -d && echo ""

Result returns the password which is “ubnt”

Change UniFi User Password from Command Line

Posted on December 15, 2021 by admin

SSH into the UniFi server
Connect to MongoDB
Find user ObjectId
Update user info with new Password

You will need a hash of the password to put into the database. We don’t cover that in this post. You could copy the password from a different user account or use a different UniFi instance to change the password and then check the DB to find the hash.

SSH into the UniFi Server

ssh unifiadmin@unifiserver

Connect to MongoDB

Connect to Mongo by typing in the following.

mongo -port 27117

Then select the ace database by typing

use ace

Find user ObjectId

The admins are in the admin collection/table. Use the following command to list all the users and their name, email, and password hash.

db.admin.find({ }, { name:"" , email : "", "x_shadow" : "" })

Update user info with new Password

The following looks complex. Fortunately though you should be able to copy and paste. You should only need to change the
– ObjectId to your User Id
– Password Hash to your password hash

db.admin.update({"_id" : ObjectId("223abc5489de0a93be758493")}, {$set: { "x_shadow" : "$6$nwpi7.q2$OuD9/UZGZt5cD739Dt7j8Gb1uPtfU99p0DeDSurSNBZVizieUrFVFbRufiZMgOk2IaaDZN9BVmL9yUwQ2mC8f."}});

Note: The hash above is password. Not recommended for use.

You should receive a confirmation that it succeeded. Test the new password by logging into the UniFi Controller.

For more MongoDB commands, check out this post.

Default WHM/cPanel Password Strength Configuration Setting

Posted on May 15, 2020 by admin

The default strength for new passwords created on cPanel and WHM looks to be 65.

Note that increasing the strength should not disable any passwords that are under the threshold.

WHM/cPanel Password Strength Configuration

Hashcat examples

Posted on February 17, 2020 by admin

Rule based attack

Use a wordlist and best64 rules to try and crack a wordpress hash. Using rockyou.txt as an example.

-m Specifies the hash type

hashcat -m 400 wordpress.hash -r rules/best64.rule wordlist/rockyou.txt

wordpress.hash is a text file that contains the password hash. You can list multiple hashes in the file

Example contents of file

bob@localhost:~$ cat wordpress.hash 
$P$BeJ2ZWVgSx/rR8ifcTFyjq1ouCCWwu0
bob@localhost:~$

Brute force

Attempt every 8 numeric combination for a WPA2 key.

hashcat -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d

Hashcat built in Charsets

You can swap out the ?d from the above command with any of the built in character sets below.

  ? | Charset
 ===+=========
  l | abcdefghijklmnopqrstuvwxyz
  u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
  d | 0123456789
  h | 0123456789abcdef
  H | 0123456789ABCDEF
  s |  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  a | ?l?u?d?s
  b | 0x00 - 0xff

More information
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Rule based attacks are recommended
https://hashcat.net/wiki/doku.php?id=rule_based_attack

Incredigeek

Tag Archives: password