Cisco 2600密碼恢復的原理: 啓動時繞過startup-config的配置(enable密碼保存在startup-config中),然後重新配置enable密碼。如果要使路由器在啓動時繞過startup-config的配置,只有修改配置寄存器的值。正常情況下配置寄存器的值是0x2102==0010.0001.0000.0010,其中第三段的第2個比特位可以控制路由器的啓動順序。如果該位爲0,則啓動時候運行startup-config的配置,如果該位爲1則忽略startup-config的配置,而進入setup模式。
1. 冷啓動路由器,在開機的前60秒之內,按住“Ctrl+Break”鍵,系統會進入災難恢復模式;
2. 在災難恢復模式下修改路由器寄存器的值使得路由器重新啓動時,不讀NVRAM中的配置文件,從而進入路由器的特權模式就不需要輸入密碼了;
3. 進行特權模式修改密碼,並保存配置。從而破掉特權密碼。
具體的密碼恢復過程
1. 冷啓動路由器,在開機的前60秒之內,按住“Ctrl+Break”鍵。這時系統會進入災難恢復模式,其提示符爲“Rommon>”
System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
Copyright (c) 2002 by cisco Systems, Inc.
C2600 platform with 131072 Kbytes of main memory
monitor: command "boot" aborted due to user interrupt
rommon 1 >
rommon 1 >
2. Rommon>confreg 0X2142 //修改寄存器的值爲0X2142
改變寄存器的值,讓路由器忽略startup-config的配置,而進入Setup模式
You must reset or power cycle for new config to take effect
3. Rommon>reset //重啓路由器,重啓後由於不再讀NVRAM中的配置文件,因此係統會提示是否進入SETUP模式,請選擇“NO”
System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
Copyright (c) 2002 by cisco Systems, Inc.
C2600 platform with 131072 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0xe688c8
Self decompressing the p_w_picpath : #################################################
################################################################################
################################################################################
########################## [OK]
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
00036B 0X00103980 C2611XM Dual Fast Ethernet
0X000F3BB0 public buffer pools
0X00211000 public particle pools
TOTAL: 0X00408530
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 5Mb.
Using 3 percent iomem. [5Mb/128Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK8O3S-M), Version 12.2(11)T, RELEASE SOFTWARE (
fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 01-Aug-02 12:47 by ccai
Image text-base: 0x8000809C, data-base: 0x818188F4
Compliance with U.S. Export Laws and Regulations - Encryption
This product performs encryption and is regulated for export
by the U.S. Government.
This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.
This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.
Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.
cisco 2611XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of me
mory.
Processor board ID JAD07020UQK (3078295415)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no //不進入對話模式退回到EXEC模式
Press RETURN to get started!
*Mar 1 00:00:14.046: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:00:14.046: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state t
o up
*Mar 1 00:00:15.048: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to down
*Mar 1 00:00:15.048: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/1, changed state to down
*Mar 1 00:00:20.613: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state
to administratively down
*Mar 1 00:00:20.613: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state
to administratively down
*Mar 1 00:00:22.384: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK8O3S-M), Version 12.2(11)T, RELEASE SOFTWARE (
fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 01-Aug-02 12:47 by ccai
*Mar 1 00:00:22.384: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
4. Router> //用戶模式提示符
5. Router>enable //進入特權模式
6. Router# //特權模式提示符
7. Router#copy startup-config running-config //把NARAM中的配置文件裝載到RAM中,使得原來的配置還在
使路由器以前的配置生效,保證以前的配置不丟失。
Destination filename [running-config]?
702 bytes copied in 2.488 secs (282 bytes/sec)
8. Router#config terminal //進入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
9. Router(config)# //全局配置模式提示符
10. Router(config)#no enable password //刪除使能密碼
11. Router(config)#no enable secret //刪除加密密碼
12. Router(config)#config-register 0X2102 //還原寄存器的值爲0X2102
把配置寄存器的值改回來,否則以後每次重新啓動路由器都進入setup模式
13. Router(config)#exit //返回到特權模式
14. Router# //特權模式提示符
15. Router#copy running-config startup-config //把修改過密碼的配置文件備份到NVRAM裏
Destination filename [startup-config]?
Building configuration...
[OK]