Have you ever heard the expression, "If you have physical access to a machine on the network, you can own that machine." I have, one of my professors at school harps on that all the time. I knew what he was talking about as far as Windows machines. I mean there are tons of free utilities you can use to reset the administrator's password in Windows. There are an equal number for Linux I'm sure, but what about a router? I'm not talking about a cheap D-Link router that you use at home, I am talking about production grade Cisco routers. Resetting the privileged mode password is really a simple process.
In class tonight, we had a lab where we had to do password recovery on a Cisco 2600 series router. The process was really simple. First of all, in order to reset the password you have to be physically connected to the console port, so forget the notion of telnetting in and "Hacking the Gibson."
Now that you have picked the lock to get into the server room where the routers are, or if you are a network admin and you genuinely have access to the server room, you can hook up your laptop directly to the router's console port. With something like hyperterminal, make sure you have connectivity with the router (Check with Cisco's website for the hyperterminal settings).
Now that you have a good connection, power off the router, then power it back on. After you turn it back on you have 60 seconds to press ctrl+break. Keep it held down until you see rommon 1>.
At rommon 1> type confreg 0x2142 the press enter. At rommon 2> type reset.
Now the router will reboot and will now skip the startup configuration and you will now be prompted to go through router setup. When prompted, select no. We don't want to reconfigure the router, we only want to reset the password.
Now you should be at a prompt like router>, type enable and press enter. You should now be at a prompt like this: router#. Type enable and your new password then press enter. You should also reset the secret password by typing enable secret and the new secret password.
Now with the passwords reset, save your changes by typing copy running-config startup-config and press enter. Now type config-register 0x2102 and press enter. Type reload at the prompt and the router will now be rebooted with your new password. Congratulations! You now own the box!
Please keep in mind that this is for a Cisco 2600 series router. For the full step by step instructions for this or any other Cisco product, visit Cisco.com and do a search for password recovery.
Jun 18, 2007
Cisco Password Recovery
11:16 PM
Paul B