[Solved] How to Get Root Access to CUCM and Any Cisco UC OS without Cisco TAC

By | September 11, 2017

Hello there, we have been discussing about Cisco Unified Communications Manager administration guides. A lot of time we may run into a situation where you need CUCM root access. Ideally CUCM root access is limited to only Cisco TAC team. The command line interface that we are getting while SSH to CUCM is not the root, instead it is just a modified version of CLI. We will be able to run some basic commands over there.

In this article I’m gonna explain how to hack CUCM or any other Cisco Unified Communications OS (like Cisco Unity Connection – CUC, Cisco IM and Presence – IMP, Contact Centre Express – UCCX, etc.) to get access to ROOT.

All most all Cisco UC OS built over a Red Hat Enterprise Linux platform. For CUCM, the underlying operating system is still Linux! Hence if you know little bit of Linux tweaking, you can apply this hack and get root access to CUCM without the help of Cisco TAC.

The purpose of getting root access is important once you fail with all your CUCM CLI general commands to fix a particular issue. Situations like CUCM DB Replication, Certificate issue, etc. sometimes cannot be fixed by “utils” commands. In such scenario you need Root access to CUCM. Root access can also be used to hack licenses in UC OS for test purpose.

how to get root access to cucm and any cisco uc os without tac

Note: Do not try this hack on any production system, this article only for lab experiments. Cisco TAC never supports if you do some changes in the root. But it is good to understand the CUCM file structure and architecture via root.

Keeping that is in mind, let’s start our hack to unlock and jail-break CUCM for root access. I have tried this hack on CUCM 9.X, 10.5, 11.5 and all pass!

Tools & Skills Required

  • Linux Cent OS 7
  • Installed CUCM / any UC OS
  • Access to ESXi where CUCM is already installed
  • Basic Understanding of Linux Commands (No problem even you are new to Linux)

Step 1: Download Linux Cent OS

Download Cent OS 7 ISO from the following link.
Link: wiki.centos.org/Download
In any chance if the link is broken, get your Cent OS ISO from Google.
Now upload your Cent OS ISO file to ESXi Data Store.

Step 2: Edit CUCM Virtual Machine to Boot from CD

Login to ESXi where CUCM is already installed using VSphere client. Right click on the CUCM VM and go to Edit Settings.
edit virtual machine settings vmware esxi

Select CD/DVD Drive 1 >> Check the ‘Connect at power on’ status and browse your Cent OS at Data Store ISO File as shown below.
edit virtual machine boot order

Go to ‘Options’ tab and click ‘Boot Options’. Then check the box which says ‘The next time the virtual machine boots, force entry in to the BIOS setup screen’ >> OK
the next time the virtual machine boots, force entry in to the bios setup screen
No go ahead and power on your CUCM Virtual Machine, the system will boot in to BIOS.

Step 3: Set Boot Device to CD-DVD ROM

Select CD-ROM Drive as the boot device (move it up) and hit F10 to Save.
virtual machine bios

Hit Enter for ‘Yes’ in the setup confirmation box.
virtual machine boot from cd dvd
System will boot in to CentOS Linux.

Step 4: Tweak CUCM Root Files from CentOS

Select ‘Troubleshooting’ from the screen as shown below.
centos troubleshooting

From the troubleshooting menu, choose ‘Rescue a CentOS Linux system’ and hit enter.
rescue a centos linux system

Select Option 1 and proceed.
CentOS will perform a Rescue Mount.
Hit Enter key to get in to Shell.

centos hack to get root access to cucm

Wow! Now you are at the Shell.
centos shell to jail break cucm

Now, enter the following commands,

At this point, you will be asked to enter new password for the root account. Please provide a complex password and confirm.
edit cucm root files using centos

Let’s edit the ‘passwd’ file to get shell access to root account.

edit passwd file in centos

Change the first line from,


To save this file, hit ‘Escape Key’ then type :wq as shown below.
enable shell access to root account

Now you are back to Shell windows, type

Change the sshd_config file so you can SSH as root (it’s disabled by default).
change the sshd config file so you can ssh as root

Find the line, #PermitRootLogin yes and edit to PermitRootLogin yes
[Just remove the # from the beginning.]

Hit ‘Escape Key’ then type :wq! as shown below.
permitrootlogin to cucm

Again we are back to Shell window. Now let’s go ahead and Power off the system by issuing poweroff command
poweroff centos linux

Step 5: Return back normal Booting by Editing CUCM Virtual Machine from ESXi

Login to ESXi via VSphere Client and edit the CUCM VM Settings.
edit boot settings in vm

CD/DVD Drive 1 >> Remove the Check box at ‘Connect at power on
Click ‘OK
remove boot from cd vmware

Now, power on the CUCM VM, you will be getting some warning about SELinux strict Policy. No worries, this will be auto completed!
selinux strict policy
Once it completely booted, try to SSH to the CUCM using root account.

Step 6: SSH to CUCM Root

Open your SSH client (I’m using Putty) and enter the IP of CUCM and SSH to it.
ssh to cucm root

Login as: root
Password: [Password you have configured in the Step 4]

Great! You are in the CUCM Root account now…. Cheers!
cucm root account
You may use cd .. command to move to Root directory as shown above.

If you are not a fan of CLI, we may use WinSCP to get root GUI for file access. Install WinSCP and login to CUCM via root account.
winscp root login to cucm

Change the directory to /<root>
winscp to cucm root to access files

Yes, We are done it… Play around with your CUCM root files. You can copy files, verify scripts, Hack license and much more. Options are limitless!. Please let me know your valuable comments and feedback about this article. Next article I would cover some License hack tutorials for CUCM. Please like our Facebook page to get latest update.

Leave a Reply

Your email address will not be published. Required fields are marked *