How to crack the vro password (CISCO )!
Fault symptom:
Network devices or large application service software use password protection for security purposes. Therefore, the network administrator needs to enter the correct password and then log on to the network device or service software to change and browse its configuration, using this function increases the system security to a certain extent, but if you forget the password you set in advance. Recovery will cause a lot of trouble. The following example shows how to restore and clear the password after the CISCO router privileged password is forgotten.
The company uses a CISCO 2511 router to connect to the xDSL MODEM through the serial port of the router. Access the DON leased line of the Data Bureau. One day, Internet providers were changed from China Telecom to China Unicom due to network structure changes. Therefore, you need to enter the vro interface through the Console to apply for changing IP addresses, routes, and other related content. However, it is found that a password is required to log on to the vro because the configuration of the vro is completed by the author's predecessor, And the password is handed over to the author when he leaves the company. In addition, the vro works stably at ordinary times, and you do not need to enter a password when you restart the vro. Therefore, you do not care about the password. If the former colleague who will set the password has already gone abroad, it seems that it is impossible to find the password for the vro.
Diagnosis Process
Since the vro password cannot be found, you have to start by cracking the vro password. To crack the vro password, we should first understand the vro startup principle. We know that the vro's storage medium is generally composed of five parts: ROM and Flash Memory), immutable RAM (NVRAM), RAM, and dynamic memory (DRAM ). When the vro starts normally, the vro first runs the self-check program in ROM, conducts self-check on the vro hardware, and directs the system (Minimum Operating System, Mini OS ).
Next, the router will run IOS (Internetwork Operating System, network Operating System) in Flash, find the router configuration in NVRAM, and load it into DRAM. Note that when the router loads the Minimum Operating System, the operator immediately presses the "Ctrl" 10 "Break" key to stop loading IOS and enter the monitoring and debugging mode.
In this mode, you can change the startup location of the configuration file (by default, the vro configuration is saved in NVRAM, And the configuration also contains the vro password ). By analyzing the router startup principle, we can know that we can skip loading the vro configuration file containing the password by using the function of entering the monitoring and debugging mode, and directly enter the vro's privileged mode to reset the vro password.
In addition, because the original vro configuration file contains many useful settings, you should replace the currently running configuration file with its initial configuration file before changing the password. After the changes, replace the currently running configuration file with the original starting configuration file. After the configuration is completed, the router startup sequence is changed back to the normal startup sequence.
With the above settings, we can change the vro password to our own password, so as to solve the problem that the vro cannot be logged on because the password is forgotten.
After the theoretical analysis is feasible, you can perform specific operations. The whole process of clearing and setting the vro password is listed below:
Step 1: connect the terminal to the vro.
Connect the Console port of the vro。 to the comport of the terminal through the console cable provided by the vro (or the serial port of the PC, but run the Super Terminal Program on the PC ).
Step 2: Go to monitoring debugging mode to change the startup sequence.
After the connection is complete, restart the vro. When the third line is displayed on the terminal screen, press "Ctrl" 10 "break" to enter the monitoring and debugging mode, and enter the following command:
> O
After entering the preceding command, remember the last password file number in the first line of the prompt: for example, 0x2102, enter the following command (the content after the symbol/is the description text ).
> O/R/change the Startup File to secure startup
> 0x42/0x4? Set the password file to the next startup Item
> I/restart the router
Step 3: clear and set a new vro password.
After the vro is restarted, "wocould you like to enter the initialconfiguration dialog? [Yes]: "prompt, enter no, and press enter to enter the Security Mode of the router. Continue to enter the following command:
Router (boot)> enable/Enter privileged user mode
Router (boot) # copy startup-config running-config
/Replace the currently running configuration file with the starting configuration file
Router (boot) # config terminal/enter global configuration mode
/Set the Console Password/
Router (boot) (config) # line console 0/enter the local Setting Mode
Router (boot) (config-line) # login
Router (boot) (config-line) # password cisco
/Change the Console password. In this example, set it to cisco (differentiated
Case Sensitive)
Router (boot) (config-line) # exit
/Set the telnet password/
Router (boot) (config) # line vty 0 4
Router (boot) (config-line) # login
Router (boot) (config-line) password cisco
/Change the Telnet password. In this example, set it to Cisco (case sensitive)
Router (BOOT) (config-line) # exit
/Set the privileged user password/
Router (BOOT) (config) # enable password cisco1
/Change the privileged user password. This example is set to cisco1 (case sensitive)
Router (BOOT) (config) enable secret Cisco
/Change the encrypted privileged user password. In this example, it is set to Cisco (case sensitive)
Router (BOOT) (config) # End
Router (BOOT) # copy running-config startup-config
/Replace the currently running configuration file with the starting configuration file (SAVE)
Router (BOOT) # config Terminal/enter global configuration mode
/Resume normal startup/
Router (BOOT) (config) # config-register 0x2102
/Replace the original 0x2102 password file with 0x42 as the startup preference
After the vro is restarted, enter the new password when prompted. Then, log on to the vro and run the show running-config command. The original vro configuration is still in progress. Solve the Problem of losing the vro password.
Tips
As a network administrator, you sometimes have to deal with dozens or even hundreds of administrative passwords. It is basically impossible to remember these passwords completely: Some administrators are used to setting these passwords into one, in fact, this is very wrong, because once someone with ulterior motives obtains the password, it is equivalent to being able to control your entire network system, which is extremely dangerous. In fact, you can store these passwords in a secure place and search for them first (I will save my password in my laptop, and use PassKeep password management software to manage and protect PassKeep ).
In addition, it is also necessary for the network administrator to master several password restoration methods, because even a good password management method may be omitted (especially for passwords managed by multiple users ), in this case, you can use password restoration to show your skills.
Procedure:
Preparation: A computer runs the terminal Simulation Program (Super Terminal can be started in Windows 95/98), and the microcomputer serial port (COM1/COM2) is connected to the Console port through the configuration line randomly assigned by Cisco.
Recovery steps:
(1) Start the instance, press Ctrl + Break until the prompt appears.
(2) enter the command "> o/r 0x142 ".
(3) initialize the vro: "> I ".
(4) Restart. The screen displays the system configuration dialog: "system ready aiton to get started? ", Type" no ", and the system displays" Press RETURN to get started! ", Press the" Return "key, and the system displays" Router> 〉".
(5) enter the command "Router> enable" to enter the Super User State (the system no longer requires you to enter the super password); "Router # show startup-config" displays the configuration parameters, remember the password you see (you can also use the enable serect "changepassword" command to change the superuser password ).
(6) type a command to restore the original register:
"Router (config) # config-reg 0x2102 ";
"Router (config) # ctrl-z ";
"Router (config) # wr" storage disk.
(7) restart: "Router # reload ".
This post is from the official forum of the hacker XFile (WwW. HackerXFiles. NeT)
Detailed reference http://bbs.hackerxfiles.net/thread-345000-1-1.html