From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Tue Aug 15 2000 - 11:51:20 GMT-3
Actually, you don't even need physical access; here's how:
me on my pc ------------------modem --terminal server ----router
This is a common procedure for some Fortune 500 companies. It also
provides you a safe way to remotely do IOS upgrades; even if it doesn't
boot properly, you can still get in via console. Password recovery is a
breeze also.
Brian
On Tue, 15 Aug 2000, David L Stewart wrote:
> John,
>
> What you are trying is impossible by design for security
> reasons. That doesn't mean the router admin can't put holes
> in this and make it possible. If he does, he is putting his
> network at risk. I can think of two cases for this.
>
> In cases where the BREAK has been left active, this does allow
> you to do what you want _if_ you have access to the router's
> CON and not just a VTY. Do a "sh ver" and see if the config
> reg has the ignore BREAK bit set: a 0x2102 is normal but if
> it is 0x2002 (break active) or 0x2042 (break active and set to
> ignore config in NVRAM), you can send the router a BREAK and
> enter into rommon mode. In rommon, you can set the config-reg
> to ignore the current config (if not already set to do so) and
> reload with no passwords set. After a reload, you can enable,
> then config mem to get an enabled configured router prompt.
>
> This can also be done in hardware. The only one who does this
> is r1r2.com on their labs. Their method is to detect a BREAK
> and force a reset of the router. Then, subsequent BREAK signals
> go to the router console rather than cause another reset. This
> is not a production environment and would be foolish to do in
> a production environment. Their web page is www.r1r2.com.
>
> Most other labs on the 'net have remote control power strips
> that cycle power to the equipment for password recovery. The
> power strip access is a separate connection and can be password
> protected or assigned a special ASCII code which you must know.
>
> You may want to look at Cisco's password recovery page. There
> are ways to break into all Cisco gear. All methods require
> some type of physical access to the router or switch.
>
> Good luck
> Dave
>
> At 09:37 PM 8/13/00, qq wrote:
> >hi,
> > who can shed some light on me.
> > if not permit touch the power of cisco router, and also you are at the
> > status of normal mode, not exec privilege mode, can somebody crack the
> > password of the cisco router?
> >
> > just like status below:
> >
> >
> > router>
> >
> >can somebody crack the password?
> >
> >this is really stuck me!
> >
> >
>
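
The config-register check described in David Stewart's quoted message, written as an audit over collected "sh ver" output. This is an added example, not part of the original thread; the host names and sample outputs are constructed, and the bit masks follow the 0x2102 / 0x2002 / 0x2042 values given above.

```python
import re

# Configuration register bits that matter for the values quoted in the thread.
BREAK_DISABLED = 0x0100   # bit 8: set = console BREAK is ignored after boot
IGNORE_NVRAM   = 0x0040   # bit 6: set = startup config in NVRAM is skipped

# "sh ver" prints the current value and, if it was changed, the pending one.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def audit_confreg(show_version_text):
    """Return (current, pending, findings) for one device's 'sh ver' output."""
    m = CONFREG_RE.search(show_version_text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    findings = []
    for label, value in (("current", current), ("next reload", pending)):
        if value is None:
            continue
        if not value & BREAK_DISABLED:
            findings.append(f"{label}: BREAK active (0x{value:04x})")
        if value & IGNORE_NVRAM:
            findings.append(f"{label}: NVRAM config ignored (0x{value:04x})")
    return current, pending, findings

# Constructed sample outputs trimmed to the relevant line; not real devices.
SAMPLES = {
    "r1": "(constructed banner text)\nConfiguration register is 0x2102\n",
    "r2": "Configuration register is 0x2002\n",
    "r3": "Configuration register is 0x2102 (will be 0x2042 at next reload)\n",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        cur, pend, findings = audit_confreg(text)
        status = "; ".join(findings) if findings else "ok"
        print(f"{host}: 0x{cur:04x} -> {status}")
```

A pending value is checked as well because a register changed from the CLI only takes effect at the next reload, so the current value alone can look normal.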