ELEC 99.08
Password Recovery
CISCO NETWORKING ACADEMY
• Problem: Lost Password
• Overview & Strategy
• Step-by-Step
• If line passwords are lost, you can’t log on.
• If enable secret is lost, you can’t do anything useful.
• Unless you can recover from this situation, your router’s config can never be changed.
For all practical purposes, the router is a doorstop.
• 3 ways to “recover”:
– view the password:
oak#show run
– change the password:
oak(config)#enable secret chabot
– erase the configuration, including the password, and start over:
oak#erase start
oak#reload
• To do any of these, which mode must you be in?
privileged
• To enter privileged mode, what is usually required?
enable secret password
• So that’s the key to the strategy:
Enter the privileged mode without knowing the enable secret!
• Here’s how...
• Configure the router to start up without reading its configuration file.
(That’s where the passwords are stored.)
• Do this by
– interrupting the normal boot process
– setting the config-register to ignore the config file
– rebooting the router (again)
• When it reboots, it has no config and no passwords. Just enable the privileged mode!
• Change, view, or erase the passwords.
• Restore the config register for a normal boot.
• Connect to the router’s console port.
• Display and record the current value of the router’s config register. You’ll need to reset the register to this value later, so write it down now.
show version
If you can’t log in to the router, you can discover the setting in a later step.
oak> show version
Cisco Internetwork Operating System Software IOS (tm) 2500
Software (C2500-JS-L), Version 12.0(7)T, RELEASE SOFTWARE
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
• Power-cycle the router
• Why can’t you use reload?
• What mode must you be in to reload?
privileged
• What must you know to be able to enter the privileged mode?
enable secret
So, you must use the power switch...
• Power-cycle the router
• Within 60 seconds, interrupt the normal boot process:
– Press the break key (Control-Break in Hyperterm PE)
– The router enters ROM-monitor mode and presents this prompt: >
!-- The router was just power-cycled.
!-- During bootup a break sequence was sent to the router.
!
Abort at 0x10EA83C (PC)
>
(Option if Step 2 could not be performed.)
• Display and record the current value of the router’s config register. You’ll need to reset the register to this value later, so write it down now.
>o
Letter “o”, not the number zero
Abort at 0x10EA83C (PC)
>o
Configuration register = 0x2102 at last boot
Bit# Configuration register option settings:
...
• Set the config register to ignore the config file during boot:
>o/r 0x2142
Letter “o”, not the number zero
The 4 here causes the config file not to be loaded
Abort at 0x10EA83C (PC)
>o/r 0x2142
• Reboot the router (again):
>i
(Initialize)
(The router reboots, but ignores its config file.)
Abort at 0x10EA83C (PC)
>o/r 0x2142
>i
• Do not enter the system config dialog.
(Use control-C to skip all questions.)
^C
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog?
[yes/no]:
^C
• Enable the privileged mode: en
• No password is required, because the router has not loaded a configuration file.
• This is the key step.
Now you can do whatever you want!
Router> en
Router#
• Load the config file by copying the startup config to the running config: copy start run
• It’s OK to load the config now - you’re already in privileged mode!
Router#
Router# copy start run
oak#
• View the running config: show run
• You can now see all passwords except the enable secret!
(It is encrypted, so you’ll need to change it.)
oak#
oak# show run
• Change the enable secret:
conf t
enable secret [word]
• Now you’re all set.
oak#
oak# conf t
oak(config)#enable secret chabot
• Restore the original setting of the configuration register: config-register 0x2102
• This step causes the router to load its config file normally at next reboot.
oak#
oak# conf t
oak(config)#config-register 0x2102
• Bring up all interfaces that are in use: no shut
• The interfaces were administratively shut down when the router booted with no config file.
oak(config)# int e0
oak(config-if)#no shut
oak(config-if)#int s0
oak(config-if)#no shut
• Save the current config-register setting to NVRAM, and then reboot:
copy run start
reload
oak# conf t
oak(config)#config-register 0x2102
oak(config)#^Z
oak#copy run start
oak#reload
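The one step of this procedure that is easy to forget is restoring the configuration register: a router left at 0x2142 will boot with no configuration (and no passwords) on its next reload. The following is an added example, not part of the original slides, that parses the “Configuration register is …” line from show version and checks whether bit 0x0040 (the “4” in 0x2142, ignore startup-config) is still set; the show version text it uses is constructed sample input, and the function names are my own.

```python
"""Audit the config-register step of the password-recovery procedure.

Added example (not from the original slides). Parses the register line
printed by 'show version' and reports whether the router is still set to
ignore its startup-config at the next boot. Sample output is constructed.
"""
import re

IGNORE_NVRAM_BIT = 0x0040   # the "4" in 0x2142: skip startup-config at boot
NORMAL_REGISTER = 0x2102    # the value recorded on the slides

# Constructed 'show version' excerpts, modelled on the slide output.
SHOW_VERSION_OK = "Configuration register is 0x2102\n"
# IOS prints the pending value when config-register was changed but the
# router has not been reloaded yet.
SHOW_VERSION_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
SHOW_VERSION_FORGOTTEN = "Configuration register is 0x2142\n"

_REG_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                     r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")


def parse_config_register(show_version: str):
    """Return (current, pending); pending is None when no change is scheduled."""
    m = _REG_RE.search(show_version)
    if not m:
        raise ValueError("no 'Configuration register is' line in show version output")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending


def ignores_startup_config(register: int) -> bool:
    """True if this register value makes the router boot without its config file."""
    return bool(register & IGNORE_NVRAM_BIT)


def set_ignore_bit(register: int) -> int:
    """The value 'o/r' sets during recovery: 0x2102 -> 0x2142."""
    return register | IGNORE_NVRAM_BIT


def clear_ignore_bit(register: int) -> int:
    """The value 'config-register' should restore afterwards: 0x2142 -> 0x2102."""
    return register & ~IGNORE_NVRAM_BIT


def audit(show_version: str) -> str:
    """Classify a router after a recovery; the pending value wins if one is scheduled."""
    current, pending = parse_config_register(show_version)
    effective = pending if pending is not None else current
    if ignores_startup_config(effective):
        return "recovery bit still set: next boot will ignore startup-config"
    if ignores_startup_config(current):
        return "running with recovery bit; normal register restored for next reload"
    return "normal boot register"
```

Run against the real show version output of each router after a recovery; anything reported as “recovery bit still set” needs the config-register 0x2102 step repeated before the next reload.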
• So…
• Why should Cisco routers be kept in physically secure areas, where the general public can’t get access to the console port?