Thursday, July 01, 2004

Password Recovery on Cisco Routers and Switches

I had to do this the other day, because the routers that my friend lent me had some passwords on them, so I had to practice breaking the passwords (as if I didn't enjoy it...) :)

KEY POINTS (don't worry, you'll understand after reading the whole article):
1. COLD BOOT THE ROUTER
2. INTERRUPT THE BOOTUP SEQUENCE
3. CHANGE THE CONFIGURATION REGISTER
4. LOAD STARTUP-CONFIG INTO RUNNING-CONFIG (TO SEE AND CHANGE THE PASSWORD)
5. CHANGE THE PASSWORD
6. CHANGE THE CONFIGURATION REGISTER BACK TO NORMAL (SO THE ROUTER READS NVRAM AGAIN)
7. SAVE THE NEW SETTINGS
8. RELOAD THE ROUTER

Here is the article about it, found at http://www.cramsession.com/articles/files/password-recovery-on-rout-9162003-1640.asp:

"Now you've done it. You can't remember the password for your Cisco Router or Catalyst Switch. Or maybe you never even knew it - say, this is a used router or switch and its former owner can't be found, isn't talking . . . Whatever.

This isn't good.

Not that it won't run. After all, a router doesn't require a password to function (Imagine if it did. All those users on the network that need to get from one end of the network to the other - a nightmare). So, sure, it'll boot just fine, it'll run just fine. But Heaven help you if you want to reconfigure the thing. Without the router/switch password, you will enable or disable nothing.

So let's say it's time to reconfigure and, try as you might, you simply cannot recall the password or you never knew it. Luckily, this is router/switch configuration, not rocket science. Losing the password is a problem. The solution is called password recovery, though I cannot explain to you why because recovering the password isn't the only option.

Now, this article may make it look cut and dried - and, for the most part, it is - but bear in mind there is a certain lack of uniformity for password recovery from platform to platform. There are almost as many ways to effect password recovery as there are Cisco routers and Catalyst switches. Recovery procedures will vary and will depend, in large part, on the platform and IOS version. On most of these platforms, you can do password recovery without changing hardware jumpers, but you will be required to reboot the router.

This article assumes you are familiar with decimal to hexadecimal conversion. I'm also assuming you know how the configuration register applies that hex number to its 2-byte numbering scheme. If this is still a mystery to you, click here to read another Cramsession on Hex.

And remember this: Password recovery can be done ONLY from a console port physically attached to the router. You will not be able to dial into the router or switch to do password recovery.

All that said, there are some general rules and guidelines. For instance, there are three ways to restore access to a router's configuration:
1. VIEW the password.
2. CHANGE the password.
3. ERASE the router/switch's configuration and start from scratch.

Each of the above-described procedures follows these basic steps:
1. Change the configuration register to tell the bootstrap program to ignore the current NVRAM file at bootup. This is often called placing the router in "test system mode."
2. Reboot the system.
3. Access enable mode (this can be done without a password so long as you're in test system mode).
4. Decide whether to VIEW the password, CHANGE the password or ERASE the configuration and start from square one.
5. Reset the register back to its original status so the router/switch will boot up and read the NVRAM as it does normally.
6. Reboot.

Simple, right? Well, it can be. Sometimes it isn't. Here's more of a breakdown.

One step that trips up many a tech is the "break signal." Some platforms, while running password recovery, require a terminal to issue a Break signal. Whether you'll need to do this will depend on how your terminal or PC terminal emulator issues this signal. Typically, the break key sequence will be Ctrl+C. However, the key sequence can be very different. For example, in ProComm, the keys Alt-B will, by default, generate a Break signal. In Windows 2000, the sequence is Ctrl+Break. In Apple's Z Terminal, it's Command+B. The break key sequence interrupts the regular boot process and the ROM monitor prompt will appear.

What you do at this point will vary but, generally, you will enter "o" and press the Enter key to view the router's present register settings. The sixth register bit should be disabled. This is where you'll take the next step. The sixth register bit controls whether the bootstrap will ignore or use the NVRAM configuration file. If it's set to ignore the NVRAM configuration file, then NVRAM will not load.

Enable the sixth register bit to ignore NVRAM by issuing o/r 0x2142 at the prompt.

Now you've done it (just kidding). You'll get a warning message from the router telling you that the NVRAM is missing or invalid, possibly due to a write erase. This will not concern you because you will remember what you've just done with that sixth bit. You also will suddenly find yourself logged into the router without a password. Kewl.

At the prompt, type "i" to initialize the router.

On bootup, type "no" at the initial configuration dialog prompt to bypass it. This will bring up the default prompt (router>), and you need to enter privileged exec mode by typing "enable" at that prompt.

You've made it this far. Now, reload the original startup-configuration file into memory by issuing, in privileged mode, the "copy startup-config running-config" command. It's here that you'll have the option to recover the password.

Let's make it just a hair more complicated and say you've enabled the process to recover via the enable secret password. This one will remain encrypted, which means you won't be able to read it. What to do next will vary but, in general, the steps you take are:
1. Issue the "enable secret password" command to redefine the current secret password configuration.
2. Return the register settings to their original configuration and, from global configuration mode, key "config-register 0x2102".
3. Watch the values reset.
4. Key in "copy running-config startup-config" to save the current configuration and apply the above changes.

Having said all the above, please recall your experience will vary depending on a number of factors, especially the make and model of the router or switch. So here's a link to Cisco with a complete list of all Cisco routers and Catalyst switches and their corresponding password recovery procedures. Just look up your device and read the specific instructions. Good luck."
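As an added example (not from the article or from this blog), here is a small Python check for the step the article stresses last: confirming that bit 6 of the configuration register was cleared again before the final reload, so the router goes back to reading NVRAM. It decodes a register value using the bit layout Cisco documents and parses the register line that `show version` prints; the two sample output lines are constructed, not captured from a real device.

```python
import re

# Cisco configuration-register bits used below (Cisco's documented layout;
# only the bits that matter for password recovery are decoded here).
BOOT_FIELD_MASK = 0x000F  # bits 0-3: 0x0 = stop in ROM monitor, 0x1 = boot from ROM, 0x2-0xF = boot from flash
IGNORE_NVRAM = 0x0040     # bit 6: bootstrap ignores the NVRAM startup-config
BREAK_DISABLED = 0x0100   # bit 8: Break key is ignored once IOS is running


# 0x2142 is simply the normal value 0x2102 with bit 6 set; these two helpers
# make that relationship explicit instead of treating the values as magic numbers.
def with_ignore_nvram(register):
    return register | IGNORE_NVRAM


def without_ignore_nvram(register):
    return register & ~IGNORE_NVRAM & 0xFFFF


def decode_register(register):
    """Return the recovery-relevant fields of a 16-bit configuration register."""
    return {
        "boot_field": register & BOOT_FIELD_MASK,
        "ignore_nvram": bool(register & IGNORE_NVRAM),
        "break_disabled": bool(register & BREAK_DISABLED),
    }


# Last line of 'show version'. The "(will be ... at next reload)" suffix appears
# when config-register was changed but the router has not been reloaded yet.
REGISTER_LINE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]{1,4})"
    r"(?: \(will be 0x([0-9A-Fa-f]{1,4}) at next reload\))?"
)


def audit_show_version(text):
    """Parse the register line and report what the NEXT boot will do; None if the line is absent."""
    m = REGISTER_LINE.search(text)
    if m is None:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    fields = decode_register(pending)
    findings = []
    if fields["ignore_nvram"]:
        findings.append("bit 6 set: next reload ignores startup-config, so the saved passwords are bypassed")
    if fields["boot_field"] == 0:
        findings.append("boot field 0x0: next reload stops in ROM monitor")
    return {"current": current, "pending": pending, "findings": findings, **fields}


# Constructed sample output, not captured from a real device.
SAMPLE_RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
SAMPLE_FORGOTTEN = "Configuration register is 0x2142"
```

An empty `findings` list for the pending value means the register was put back and the reload will read NVRAM normally; a non-empty list means step 6 of the procedure was skipped.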
