1.7 密碼恢復
實驗目的:
1、掌握路由器密碼恢復。
2、掌握交換機密碼恢復。
實驗拓撲:
實驗步驟:
一、路由器密碼恢復
1、斷開電源,重啓路由器,並按住Ctrl+break組合鍵,進入rommon模式,
如下:
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Self decompressing the p_w_picpath :
#############
monitor: command "boot" aborted due to user interrupt
rommon 1 >
2、修改路由器配置寄存值爲0x2142,重啓路由器,如下:
rommon 1> confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Self decompressing the p_w_picpath :
########################################################################## [OK]
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)
Continue with configuration dialog? [yes/no]:
Continue with configuration dialog? [yes/no]:
Continue with configuration dialog? [yes/no]:
可以看到,由於配置寄存值的原因,路由器沒有讀取本地配置文件。
3、進入正常操作模式,恢復配置並刪除密碼,如下:
①恢復配置
Router#copy startup-config running-config
Destination filename [running-config]?
520 bytes copied in 0.416 secs (1250 bytes/sec)
R1#
②查看配置
R1#show run
Building configuration...
Current configuration : 563 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
enable secret 5 $1$mERr$SFZOwQ08LKBCxfyaONDzp.
username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
③刪除密碼
R1(config)#no username PingingLab
R1(config)#no enable secret
R1(config)#line con 0
R1(config-line)#no login local
若設備本身的配置文件對我們意義不大的話,則建議直接採用write erase清空配置。
4、修改配置寄存值,如下:
R1(config)#config-register 0x2102
查看配置寄存值
R1#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Image text-base: 0x8000808C, data-base: 0x80A1FECC
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
System returned to ROM by reload
System p_w_picpath file is "flash:c2600-i-mz.122-28.bin"
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)
5、保存配置並重啓路由器。
R1#write
Building configuration...
[OK]
R1#reload
Proceed with reload? [confirm]
此時,路由器密碼恢復成功。
二、交換機密碼恢復
1、斷開電源,重啓交換機,並按住交換機面板上的“mode”鍵盤,進入switch:模式並初始化文件系統,如下:
switch:
switch:flash_init
2、修改交換機默認配置文件的名字,重啓交換機,如下:
switch:rename flash:config.text flash:config2.text
switch:boot
3、進入正常模式後,恢復配置並刪除密碼,如下:
①恢復配置
swith#copy flash:config2.text run
SW1#
②查看配置
SW1#show running-config
Building configuration...
Current configuration : 1145 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
③刪除密碼
SW1(config)#no username PingingLab
SW1(config)#no enable secret
SW1(config)#line console 0
SW1(config-line)#no login local
SW1(config-line)#exit
若交換機本身配置對我們沒有意義,則建議直接清空配置。
4、修改交換機配置文件名字到默認命名,如下:
SW1#rename flash:config2.text flash:config.text
5、保存配置並重啓交換機。
SW1#write
Building configuration...
[OK]
SW1#reload
此時交換機密碼恢復成功。
PingingLab
CCIE
深圳拼客信息科技有限公司·廣州大學城外環西路站
新浪微博:@拼客科技PingingLab
PingingLab微信公衆號:pinginglab
PingingLab技術交流羣:240920680