Hack password principle: Delete Password only, do not destroy configuration
#本文中的 # Indicates the meaning of the comment
#第一步. Connect the console port of the switch to the terminal
#第二步. Press and hold the mode key on the switch panel while inserting the power supply until the SYS light does not flash, and then release the mode keyC2950 Boot Loader (c2950-hboot-m) Version 12.1 (6) EA2C, RELEASE Software (FC1)
Compiled Thu 28-feb-02 14:59 by Antonino
Ws-c2950c-24 starting ...
Base Ethernet MAC address:00:09:e8:b4:45:40
Xmodem file system is available. The system has been interrupted prior to initializing the
Flash filesystem. The following commands would initialize
The flash filesystem, and finish loading the operating
System Software:flash_init
Load_helper
Boot
---------------------------------- #
#flash_init: Initializing the Flash file system
#load_helper: Loading Help files
#boot: Boot the device into normal mode
Switch:flash_init
#第三步 Here we choose to initialize Flash
Initializing Flash ...
Flashfs[0]: Files, 2 directories
Flashfs[0]: 0 Orphaned files, 0 orphaned directories
FLASHFS[0]: Total bytes:7741440
Flashfs[0]: Bytes used:4502528
Flashfs[0]: Bytes available:3238912
Flashfs[0]: Flashfs fsck took 7 seconds.
... done initializing Flash.
Boot Sector Filesystem (BS:) installed, Fsid:3
Parameter Block Filesystem (PB:) installed, Fsid:4
switch:rename flash:config.text flash:config.old
#第四步 Renaming a configuration file containing password
Switch:boot
#第五步 start the switch
Loading "Flash:c2950-i6q4l2-mz.121-9.ea1.bin" ... ################################
Done initializing FLASHFS.
Post:system Boa
################################################# #ST: Ethernet Controller
nt:0x80010000 interface (s)
Executing ... Restricted rights legendted non-volatile configuration memory. Use, duplication, or disclosure by the Government is
Base Ethernet MAC address:00:09:e8:b4:45:
Subject to restrictions as set forth in Subparagraphboard Assembly NUMBER:73-5750-10
(c) of the commercial computer software-restricted5-01
Motherboard
Rights clause at far sec. 52.227-19 and subparagraph
Power Supply Serial N
West Tasman Drive Type VLAN
San Jose, California 95134-1706
00:00:17:%sys-5-config_i:conficisco Internetwork Operating System Software
00:
IOS (tm) C2950 software (c2950-i6q4l2-m), Version 12.1 (9) EA1, RELEASE Software (
Cisco Internetwork Operating System Software
FC1)
Copyright (c) 1986-2002 by Cisco Systems, Inc., Version 12.1 (9) EA1, RELEASE Software (
Compiled Wed 24-apr-02 06:57 by Antonino
FC1)
Image text-base:0x80010000, data-base:0x804e8000
Compiinitializing FLASHFS ... Antonino
FLASHFS[1]: FLASHFS fsck took 7 seconds.40
FLASHFS[1]: initialization complete.e.
I
Done initializing FLASHFS.
Flashfs[0]:
Post:system Board test:passed
Flash
Post:ethernet Controller test:passedctories
ASIC initialization Passeds[0]: Total bytes:7741440post:front-end LOOPBACK test:passed[0]: bytes used:4502528
Cisco WS-C2950C-24 (RC32300) Processor (revision E0) with 20815K bytes of memory
Flashfs[0]: FLASHFS Fsck took 6 second
.
Base Ethernet MAC address:00:09:e8:b4:45:40############################################
Motherboard Assembly NUMBER:73-5750-10
Power Supply Part NUMBER:34-0965-01
###################################
Motherboard serial number:foc062403um######
System Serial NUMBER:FOC0624X14E---system Configuration Dialog---
would to enter the initial configuration dialog? [yes/no]: N
#第七步 Select N and then enter and we'll bypass the original password.
switch>
switch>
#八 Enter privileged mode
switch>en
#这时开机已经忽略了password
switch#rename flash:config.old Flash:config.text
#第九步 Recovering the switch configuration file
Destination filename [config.text]?
switch#copy flash:config.text system:running
switch#copy flash:config.text system:running-config
#第十步 The Copy configuration file to the current system
Destination filename [running-config]?
1542 bytes copied in 1.704 secs (1542 bytes/sec)
switch######################################################################### #Current configuration:1522 bytes
!
#十一步 Change Password
switch#conf T
Enter configuration commands, one per line. End with Cntl/z.switch (config) #username root password Cisco
Switch (config) #enable secret Cisco
Switch (config) #line cons 0
Switch (config-line) #pass Cisco
Switch (Config-line) #login
Switch (Config-line) #exit
Switch (config) #
-------------Switch (config) #exit
switch#
00:05:47:%sys-5-config_i:configured from console by console
switch#copy Run Start
#十二步 Save ConfigurationDestination filename [startup-config]?
Building configuration ...
[OK]
switch#
-=--------
Switch#reload
#重新启动-----------Press RETURN to get started!00:00:14:%spantree-5-extended_sysid:extended sysid enabled for type VLAN
00:00:17:%sys-5-config_i:configured from memory by console
00:00:17:%sys-5-restart:system restarted--
Cisco Internetwork Operating System Software
IOS (tm) C2950 software (c2950-i6q4l2-m), Version 12.1 (9) EA1, RELEASE Software (
FC1)
Copyright (c) 1986-2002 by Cisco Systems, Inc.
Compiled Wed 24-apr-02 06:57 by Antonino
00:00:18:%link-5-changed:interface Vlan1, CHANGED state to administratively do
Wn
00:00:19:%lineprouser Access verificationpassword:to-5-updown:line Protocol on Interface Vlan1, changed
Password:
switch>en
Password:
switch#
Cisco 2950 3550 3750 series switch password hack
