Lab 06 - Password Recovery Troubleshooting

Let us assume that you have a router and you don't know the enable secret password.

Solution:

First and foremost, you must have physical access to the router to perform password recovery.

Bit 6 of the configuration register defines whether the configuration file will be loaded from NVRAM. Since there is a password in the configuration file that we do not know, we will want to set bit 6 to 1.

If bit 6 is 0, the router will load the configuration file from NVRAM.
If bit 6 is 1, the router will not load the configuration file from NVRAM.

Configuration Register represented in Decimal

The following are the steps to recover from a lost password.

1. Turn the router off, turn the router on, and within 60 seconds issue the break sequence of your terminal emulation package. If you are using hyperterminal that would be .

2. You will now be in ROM monitor mode, indicated by the > prompt. Our goal here is to turn bit 6 on, so if the configuration register is set to 0x2102, we want to change the register to 0x2142.

   To determine the current configuration register setting, use the following command:

    >e/s 2000002

   To change the register:

    >o/r 0x2142

   To re-initialize the router:

    >I

3. After the router prompt appears, get into the privileged mode and copy the backup configuration file to RAM.

4. Get into the configuration mode and key in your new password.

5. Change the configuration register back to the original setting.

6. Perform a no-shut on all interfaces.

7. Copy the running configuration to NVRAM.

All of the steps are in bold

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 16384 Kbytes of main memory

    Abort at 0x10EA87C (PC)        <-- break sequence issued here
    >e/s2000002
    2000002: 2102                  <-- use q to quit the examine mode
    >o/r0x2142
    >i

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 16384 Kbytes of main memory

    F3: 7564496+94188+304272 at 0x3000060

             --- System Configuration Dialog ---

    At any point you may enter a question mark "?" for help.
    Use ctrl-c to abort configuration dialog at any prompt.
    Default settings are in square brackets "[ ]."

    Would you like to enter the initial configuration dialog? [yes]: n

    Press RETURN to get started!

    %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
    %LINK-3-UPDOWN: Interface Ethernet1, changed state to up
    %LINK-3-UPDOWN: Interface Serial0, changed state to down
    %LINK-3-UPDOWN: Interface Serial1, changed state to down
    %LANCE-5-COLL: Unit 0, excessive collisions. TDR=6
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
    %SYS-5-RESTART: System restarted --
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-J-L), Version 11.2(3), RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1996 by cisco Systems, Inc.
    Compiled Mon 30-Dec-96 21:28 by ajchopra
    %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
    %LINK-5-CHANGED: Interface Ethernet1, changed state to administratively down
    %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
    %LINK-5-CHANGED: Interface Serial1, changed state to administratively down
    Router>en
    Router#copy start run
    atlanta#
    atlanta#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    atlanta(config)#enable secret password
    atlanta(config)#config-reg 0x2102
    atlanta(config)#int e0
    atlanta(config-if)#no shut
    atlanta(config)#int e1
    atlanta(config-if)#no shut
    atlanta(config-if)#int s0
    atlanta(config-if)#no shut
    atlanta(config)#int s1
    atlanta(config-if)#no shut
    atlanta(config-if)#
    atlanta#
    %SYS-5-CONFIG_I: Configured from console by console
    atlanta#copy run start
    Building configuration...
    [OK]
    atlanta#
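
Step 5 is the one most easily forgotten: a router left at 0x2142 boots without its startup configuration, passwords included. The following is an added example, not part of the original lab, that audits collected "show version" text for bit 6. The "Configuration register is ..." line format is assumed from IOS, and the function names and sample lines are constructed for illustration.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: when set, the config file in NVRAM is not loaded

# Assumed format of the register line at the end of IOS "show version" output.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def audit_confreg(show_version_text):
    """Return (current, next_boot, finding) for one device's show version text."""
    m = CONFREG_RE.search(show_version_text)
    if m is None:
        return None, None, "no configuration register line found"
    current = int(m.group(1), 16)
    # Without a pending change, the next boot uses the current value.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    if next_boot & IGNORE_NVRAM:
        finding = "next boot will ignore NVRAM config (bit 6 set)"
    elif current & IGNORE_NVRAM:
        finding = "booted ignoring NVRAM config; register restored for next reload"
    else:
        finding = "ok"
    return current, next_boot, finding

# Constructed sample lines, one per hypothetical device state.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "mid-recovery": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "left-set": "Configuration register is 0x2142",
}

def run_samples():
    return {name: audit_confreg(text) for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, (cur, nxt, finding) in run_samples().items():
        print(f"{name}: current={cur:#06x} next={nxt:#06x} -> {finding}")
```

The "mid-recovery" state is what the session above would report after config-reg 0x2102 and before the next reload; "left-set" is the state to alert on.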