CISCO на РУССКОМ - Просто о Сложном - MVP - Восстановление паролей продуктов CISCO

В данной статье рассматривается восстановление (забытых или утерянных) паролей на CISCO.

Пароль enable может быть восстановлен, пароль enable secret зашифрован, поэтому его можно только заменить.

Предполагается, что у Вас существует непосредственный доступ к консоли.

Следущая статья распространяется на следующие продукты:

Для поиска своего продукта воспользуйтесь сочетанием клавиш CTRL+F

*Cisco 806*Cisco 4700*Catalyst 2948G-L3*cisco 827*Cisco AS5x00*Catalyst 4840G*Cisco uBR900*Cisco 6x00*Catalyst 4908G-L3*Cisco 1003*Cisco 7000 (RSP7000)*Catalyst 5500(RSM)*Cisco 1004*Cisco 7100*Catalyst 8510-CSR*Cisco 1005*Cisco 7200*Catalyst 8510-MSR*Cisco 1400*Cisco 7500*Catalyst 8540-CSR*Cisco 1600*Cisco uBR7100*Catalyst 8540-MSR*Cisco 1700*Cisco uBR7200*Cisco MC3810*Cisco 2600*Cisco uBR10000*Cisco NI-2*Cisco 3600*Cisco 12000*Cisco VG200 Analog Gateway*Cisco 4500*Cisco LS1010*Route Processor Module*Cisco 1800*Cisco 2800*Cisco 3800*

К примеру Вы пытаетесь зайти в привилигированный режим (EXEC)

Код:

Router>enable
Password:
Password:
Password:
% Bad secrets

Наберите команду

Код:

Router>show version и узнайте версию вашего продукта.
Ключевым словом является Configuration register is.

Процедура восстановления пароля для Configuration register is 0x2102

Затем выключите и включите ваш маршрутизатор.

Во время загрузки (через 60 секунд после включения) нажмите клавишу Break

Клавиша Break для различных терминалов разная. Подробности тут

Должно появиться примерно следующее:

Код:

!--- The router was just powercycled and during bootup a
!--- break sequence was sent to the router.

!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030

Далее наберайте последовательно команды:

Код:

rommon 1 > confreg 0x2142

Появится сообщение:

Код:

You must reset or power cycle for new config to take effect - Вы должны набрать reset чтобы новая конфигурация применилась.

Код:

rommon 2 > reset

При запросе Would you like to enter the initial configuration dialog? [yes/no]:
Нужно ответить n

Появится сообщение:

Код:

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

Далее последовательно вводим следующие команды:

Код:

Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console

Затем смотрим состояние наших интерфейсов:

Код:

Router#show ip interface brief

Пример:

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.200.40.37 YES TFTP administratively down down
Serial0/0 unassigned YES TFTP administratively down down

"Поднимаем" интерефейсы:

Код:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int et 0 (сокращенная команда для interface Ethernet0/0)
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up

Код:

Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Затем:

Код:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#

Router#reload

Код:

System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Proceed with reload? [confirm]

При написании статьи использовался материал с сайта производителя.

Более подробно процедура восстановления паролей
продуктов CISCO рассмотрена на официальном сайте.

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."