RE: Password recovery on a password recovery disabled router

From: Harris, Joe F (Joe_Harris@xxxxxxxxxxxx)
Date: Mon Dec 10 2001 - 13:42:58 GMT-3

Next message: Hotmail: "Re: iBGP to OSPF redistribution - weird behavior?"
Previous message: Bauer, Rick: "RE: Lab 20 setting ospf hello interval"
Maybe in reply to: Charles Huang: "Password recovery on a password recovery disabled router"
Next in thread: kym blair: "Re: Password recovery on a password recovery disabled router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router-1(config)#enable secret 435hbklkl98gfdt43
Router-1(config)#no service password-recovery
WARNING:
Executing this command will disable password recovery mechanism.
Do not execute this command without another plan for
password recovery.

Are you sure you want to continue? [yes/no]: yes
Router-1(config)#end
Router-1#wr mem
Building configuration...
[OK]
Router-1#reload
Proceed with reload? [confirm]

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x928024
Self decompressing the image :
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
########################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JO3S56I-M), Version 12.0(7)T, RELEASE
SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 07:11 by phanguye
!I ISSUED BREAK SEQUENCE HERE
Image text-base: 0x80008088, data-base: 0x8107A5D0

PASSWORD RECOVERY IS DISABLED.
Do you want to reset the router to factory default
configuration and proceed [y/n] ? !I ANSWERED WITH A "Y" BUT
THE ROUTER DOES NOT DISPLAY IT
Reset router configuration to factory default. !IT TELLS ME IT RESET THE
ROUTER TO FACTORY DEFAULTS

Compliance with U.S. Export Laws and Regulations - Encryption

This product performs encryption and is regulated for export
by the U.S. Government.

This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.

This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.

Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.

cisco 2620 (MPC860) processor (revision 0x102) with 39936K/9216K bytes of
memory.
Processor board ID JAD042206GN (1804004596)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
WARNING:
Executing this command will disable password recovery mechanism.
Do not execute this command without another plan for
password recovery.

Are you sure you want to continue? [yes/no]: no
!NOTICE I SAID NO BECAUSE I DO NOT WANT ENABLE THE COMMAND

Press RETURN to get started!

Router-1>
Router-1>en
Password:
Password:
Password:
% Bad secrets

Router-1>
I DID NOT KNOW THE PASSWORD SO I HAD NO CHOICE HERE EXCEPT TO POWER CYCLE
THE ROUTER

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2600 platform with 49152 Kbytes of main memory

PC = 0xfff0a530, Vector = 0x500, SP = 0x80004864

monitor: command "boot" aborted due to user interrupt !ISSUED BREAK SEQUENCE
HERE AND IT LET ME ROMMON
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect
rommon 2 > i

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x928024
Self decompressing the image :
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
############################################################################
########################################################## [OK]

Restricted Rights Legend

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Compliance with U.S. Export Laws and Regulations - Encryption

This product performs encryption and is regulated for export
by the U.S. Government.

This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.

This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.

Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started!

Passed
00:00:22: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:00:22: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to down
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed
state to down
00:00:24: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JO3S56I-M), Version 12.0(7)T, RELEASE
SOFTWARE (fc2)
CopyrTranslating "Router"...domain se
Router>rver (255.255.255.255)
ight (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 07:11 by phanguye
00:00:26: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to
administratively down
00:00:26: %LINK-5-CHANGED: Interface Serial0/0, changed state to
administratively down
Router>
Router>en
Router#sh star
Using 2027 out of 29688 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service password-recovery
!
hostname Router-1
!
no logging console
enable secret 5 $1$dgjH$SGezEBlqNYSzx3vGafYba/
!
!
!
!
!
ip subnet-zero
ip tcp synwait-time 15
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100

Router#copy star run
Destination filename [running-config]?
Please reset the ignore config bit (0x40) in config-register.

2027 bytes copied in 1.940 secs (2027 bytes/sec)
Router-1#
Router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router-1(config)#enable secret TexasLonghorns
Router-1(config)#config-register 0x2102
Router-1(config)#end
Router-1#wr mem
Building configuration...
[OK]
Router-1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption !The "no service password-recovery" command
is gone now
!
hostname Router-1
!
no logging console
enable secret 5 $1$RDW/$hI2VDtRADBMzHNBQ1/EKV.
!
!
!
!
!
ip subnet-zero
ip tcp synwait-time 15
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
ip port-map realmedia port 5050 list 2
ip port-map ftp port 7142 list 1
cns event-service server
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback1
ip address 192.168.11.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback2
ip address 192.168.12.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback3
ip address 192.168.13.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback4
ip address 192.168.14.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback5
ip address 192.168.15.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 172.16.10.1 255.255.255.0
no ip directed-broadcast
ip ospf network point-to-point
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
router ospf 50
log-adjacency-changes
timers spf 0 0
network 172.16.10.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 10
network 192.168.11.0 0.0.0.255 area 11
network 192.168.12.0 0.0.0.255 area 12
network 192.168.13.0 0.0.0.255 area 13
network 192.168.14.0 0.0.0.255 area 14
network 192.168.15.0 0.0.0.255 area 15
!
ip classless
no ip http server
!
access-list 1 permit 192.168.11.112
access-list 1 permit 192.168.11.16
access-list 1 permit 192.168.10.240
access-list 2 permit 192.168.10.0
access-list 2 permit 192.168.11.0
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
no scheduler allocate
end

Router-1#reload
Proceed with reload? [confirm]

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory

Restricted Rights Legend

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Compliance with U.S. Export Laws and Regulations - Encryption

This product performs encryption and is regulated for export
by the U.S. Government.

This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.

This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.

Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.

Press RETURN to get started!

Router-1>en
Password: !I ENTERED TEXASLONGHORNS AS THE PASSWORD AND I AM IN
REGARDLESS OF IF THE "NO SERVICE PASSWORD-RECOVERY" COMMAND HAD BEEN
ENTERED.
Router-1#

-----Original Message-----
From: Charles Huang [mailto:CharlesNY2000@Yahoo.Com]
Sent: Monday, December 10, 2001 9:26 AM
To: ccielab@groupstudy.com
Subject: Password recovery on a password recovery disabled router

Does anybody know how to break a password with password recovery disabled
router ?

Next message: Hotmail: "Re: iBGP to OSPF redistribution - weird behavior?"
Previous message: Bauer, Rick: "RE: Lab 20 setting ospf hello interval"
Maybe in reply to: Charles Huang: "Password recovery on a password recovery disabled router"
Next in thread: kym blair: "Re: Password recovery on a password recovery disabled router"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:41 GMT-3