Switches and routers need to have certain security, that is, to timely configure a reasonable password, then if the password forgotten how to do? I have encountered this time, due to job transfer, the former network administrator left the department, but the switch set up a password, and did not tell me the successor of the network administrator. What do we do? It's too much trouble to send it back to the vendor. So I personally experienced a password-breaking process.
First, the network environment:
The company uses the 3500 series (Specific model 3548) switch, which is connected with a Huawei 2621 router on the switch, through the telecommunications of fiber-optic internet. The reality of this 3548 switch was set by the previous network administrator password without telling me. So cracking his password became the core of this article.
Second, the preparatory work:
Because the entire work needs to break the network, after all involves restarting the switch and so on, so choose the time after work 23 o'clock night. In addition, because of cracking passwords such operations must use the console console line to set, so the location can only be central room. The author has found all the relevant tools for 3548 devices, including installation instructions and console control lines.
Third, the actual combat crack password:
According to the author's previous experience, the use of all equipment and operations command statements should be similar to Cisco devices, so the original thought to crack Cisco device password can be easily handled steps. Who knows how to start to find the original difference is really not small. Generally speaking, Cisco devices are used to modify the configuration register configuration register to achieve the operation of cracking the password. The concept of configuring register configuration register does not exist at all in the fidelity switch. By querying the data, it was found that the original implementation of the switch is to use a modified HyperTerminal configuration method to crack the password.
The first step is to connect the console control line of the Fidelity Switch to the console management interface of the device.
Step two: Connect another disconnect of the console control line to the COM serial port of the notebook used by network administrator debugging.
Step Three: Enter notebook system desktop, point "Start-> all program-> attachment-> communication-> HyperTerminal".
Step Fourth: Start the Super terminal of the system and let us name the newly established connection.
Step Fifth: Use when connecting at the connection settings select the port that you just connected with the console control line through the Drop-down menu. such as COM1 mouth.
Sixth step: In the COM1 property Settings window, we configure the parameters of the connection. Generally speaking, we normally connect the switch should be 9600 bits per second, data bit is 8, parity is none, stop bit is 1, data flow control is none. However, you need to modify these values if you want to break the password of the fidelity switch. The PC HyperTerminal serial port speed set to 57600, the other and the same can be written above.
Step seventh: Use the terminal to connect to the switch, then turn on the power of the switch, and immediately press the "ESC" key to enter the switch's monitoring mode multiple times after the switch is started. There are several options for the terminal interface, including some basic initialization settings.
Small tip:
The beginning of the author to follow the steps of the seventh step is not successful, the Super Terminal interface always show a lot of "... ”。 Later found that the original switch must be connected to the super terminal to power up, if you open the switch and then use the Super Terminal connection can not enter the monitoring mode.
Step eighth: According to the menu prompts, upload the profile config.text (Upload) to the notebook used by your network administrator, and then delete the configuration file config.text on the switch.
Step nineth: Open the Config.text file that you just downloaded on your system hard drive in your notebook, and the following statement
Enable Secret Level 1 5! E,1u_; c9&-8u0h
Enable secret Level 5 *r_1u_; c3vw8u0h
Delete and then save the exit.
Tenth step: According to the switch monitoring mode prompts, the notebook modified config.text to download (Download) to the switch.
11th Step: Reset the Super Terminal serial port speed of the notebook to 9600, others to keep the default parameters. Once the switch has been rebooted, enter the switch configuration interface and you will find that we can reconfigure the switch password, including remote Telnet admin password and local privileged password. After that, the switch's password will also become the one you just configured, while other configurations remain unchanged and will not affect any use.
Small tip:
In actual use, the author finds that the uploading and downloading files in the monitoring mode of the 3550 switch are not stable and often prompts for transmission failure. So the author simply directly in the monitoring mode will config.text Delete, and then restart the switch to reconfigure all switch information. This situation applies to the switch itself configuration is not much or complex, the other network administrators need to be familiar with the settings statement.
Summarize:
After the actual combat to crack the operation of the switch password, the author once again understand that for the routing switch device, the different manufacturers operating procedures and steps are absolutely different, even if the command statement similar but in other advanced operations are still very divergent. So all the content in this article is just for the real routers and switches, and if you're dealing with other devices, you need to take other steps to solve them.