DComTalk.com

I have several Baystack switches for which I am missing the
telnet/console password (they may be different). After much searching I
have come to the conclusion that there is no method for resetting the
password other than sending the unit in for repair (please correct me).
For awhile, these switches were ok without management, but now I really
want to manage them. So, I am attempting to brute force the password
against the telnet service. First step is to sniff the switches
configured IP address, all of mine have addresses. Now I have a script
that attempts to login with a list of passwords. Detecting failed login
was easy, but since I do not have the password I dont know what a
successful login looks like.

Could someone post the string received from a successful login to
Baystack 350T-HD SW3.0.1? If there is a different response for
Read-Only/user or Read-Write/secure, please post both.

There is a method,but it only applies to HW:Rev A.
You must have a successful console link to the switch.
Do you get any response after entering ctrl-y?