2023年11月26日发(作者:)
各路由器密码找回方法
适用于所有的2000系列、2500系列、3000系列,以680x0为基准的4000系列,在ROM
中运行10.0或更高版本的IOS以后的7000系列,在ROM中运行9.1或更高版本的软件
的IGS系列。
这里假定您的路由器的名字为 “router”。
--------------------------------------------------------------------
1、将一台终端或将PC以终端仿真的方式连到路由器的CONSOLE口上。
2、启动路由器到 “router>”状态下,键入 “show version”命令,此时记录下该命令的输出信
息中的configration register的值(改值通常在该命令输出的最后一行),这个值通常应为
0x2102或0x102。例如:configration register is 0x2102。
3、将路由器的电源关掉,然后又重新开启。
4、在路由器启动后的60秒内请在终端上键入中断键(Break键或Ctrl_C键),您会看到
一个前面没有路由器名字的>大于号)提示符。如果没有出现,说明您没有给出正确的Break
信号,在这种情况下,请您检查终端仿真的设置。
5、在>号提示符下键入 “o/r0x42”以便从Flash启动,注意第一个字母 “o”不是十进制数 “0”
6、在>号提示符下键入 “i”,路由器便会忽视存储的配置文件进行重新启动。
7、路由器启动后,对所有的setup的问题回答 “no”。
8、在router> 提示符下键入 “enable”,您就不需要口令就进入到enable模式,并且看到
router# 提示符。
9、有两种方法可以改变enable口令:
a. 删除所有的配置,键入 “write erase”。
b. 不删除所有的配置,只删除enable的口令
①.在router# 提示符下键入 “config mem”。
②.在router# 提示符下键入 “write term”。
③.在router# 提示符下键入 “config term”,出现提示符router(config)#。
④.在router(config)#提示符下键入 “enable secret xxxxxx”,其中 “xxxxxx”为您想所设定
的口令。
⑤.键入 “Ctrl_z”或 “exit”,退出到router# 状态下。
⑥.在router# 提示符下键入 “write mem”。
10、在router# 提示符下键入 “config term,进入到router(config)# 提示符下。
11、在route(config)# 提示符下键入 “config-register 0x2102”,或者您在第二步所记录
下来的值。
12、在router(config)# 提示符下键入 “Ctrl_z”或 “exit”,退出到router# 状态下。
13、在router# 提示符下键入 “write mem”(这一步也可省略)。
14、在router# 提示符下键入 “reload”。
15、在问您是否确认重新启动,键入回车键即可。
Cisco 2500系列的口令恢复
Cisco的系列访问服务器(Access Server)由于其稳定的性能在人民银行金融网络中使用
十分普遍。由于网络设备相对而言价格昂贵,使得一般人很少有机会像操作PC一样,可以
经常使用和练习,因此当出现一些问题时很难解决。下面是一个Cisco 2509访问服务器口
令丢失,导致无法进行参数恢复处理的例子。本文通过剖析Cisco 2500系列访问服务器的
内存模式、配置管理,并以Cisco 2509为例给出口令恢复的方法。 1.口令类别
Cisco路由器包含以下几种类别的口令:
有效密码口令(enabled secret password):是一种安全级别最高的加密口令,适用于
CiscoIOS10.3(2)以后的版本,在路由器的配置表中以密码的形式出现。
有效口令(enabled password):安全级别次高的非加密口令。当有效密码口令没设置时,
使用该口令。
终端口令(console password):用于防止非法或未授权用户修改路由器配置,在用户通过
主控终端对路由器进行设置时,使用该口令。
2.口令恢复原理
Cisco路由器保存了几种不同的配置参数,并存放在不同的内存模块中,介绍如下:
•内部内存种类
Cisco2500系列路由器有几种类别的内存:ROM、闪存(flash memory)、不可变RAM
(NVRAM)、RAM和包共享内存等五种。作用如下:
内存类别 作用
ROM 存放系统的引导程序
闪存 存放Cisco IOS的镜像
NVRAM 存放配置文件(即startup-config)
RAM 存放当前系统使用配置
包共享内存 进出包缓冲区
•配置文件及相关存放内存
•操作环境(PA3)及对应的配置登记码路由器的正常启动,应依次引导以下程序:
口令恢复的关键在于对配置登记码进行修改,从而让路由器从不同的内存中调用不同的参数
表进行启动。有效口令存放在NVRAM中,因此修改口令的实质是将登记码进行修改,从
而让路由器跳过NVRAM中的配置表,直接进入ROM模式,然后对有效口令和终端口令进
行修改或者重新设置有效加密口令(因为有效加密口令为加密乱码,无法进行恢复,只可以
改写),完成后再将登记码恢复。
3.口令恢复步骤
将Cisco2509的主控口连接到PC机的串口上(如COM 1);
启动Win95/98的超级终端,并配置为9600波特率、8个数据位、无奇偶校验、2位停止
位;
用show version命令查看登记码;
如果中断屏蔽(即登记码的第4位为1),则重启路由器,并在开机后60秒内按Break键;
如果中断未屏蔽,则发送中断;
执行以下命令,将登记码设置为0x042,使路由器跳过NVRAM模式,从ROM模式启动;
>o/r 0x042
进行初始化;
>i
路由器重启,并将登记码设为0x142;
当提示是否进入对话配置时,回答“否”,出现;
Press RETURN to get started!
按回车,进入ROM模式:
Router >
键入enable命令进入EXEC状态,并键入命令configure memory,将NVRAM模式中的
参数表装入内存;
键入configureter minal命令进行配置;从配置表中找出忘记的有效口令(或改写),并重
新改写有效密码口令;
Router # configure terminal
将登记码还原为0x2102(即从闪存正常启动,并屏蔽中断)。
[i=s] 本帖最后由 xuexiaoning 于 2008-12-23 15:37 编辑
Cisco路由器口令的恢复(1020)
Description
This document describes how to recover a password on a Cisco 1020 router.
Since the Cisco 1020 router is often not physically secured, to perform a password recovery you
must call Cisco Systems or your distribution channel and provide a Cisco 1020 router generated
challenge. Using the override program, the support representative can provide a one-time
password you can use to enter enable mode.
Notes:
Overrides can be done only from the console.
Press Return at the password prompt if the enable password is not set.
Step-by-Step Procedure
the console, log in to the Cisco 1020 router with username enable and password
override.
The 1020 prints a challenge.
e the support representative with the challenge.
The challenge is used to provide the response.
the 1020 console, log in with username enable and use the response as the password.
Step-by-Step Procedure
Use the show version command to determine if the processor in your router is an RP or an
RSP7000.
If the processor is an RP, use the password recovery procedure for the Cisco 2500.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
1 Switch Processor
BOOTFLASH: RSP Software (RSP-BOOT-M), Version 12.0(3), RELEASE SOFTWARE
(fc1)
Router uptime is 5 days, 10 minutes
System returned to ROM by reload at 14:17:10 MEST Tue Apr 18 2000
This document describes how to recover a password on a Cisco cs500 communication server.
The Cisco cs500 does not have a console port so to recover a password you must erase the
configuration then configure the server again.
Step-by-Step Procedure
the Cisco cs500 server.
and hold the DEFAULT button on the front of the chassis.
on the server.
The OK and LAN LEDs blink on and off.
the OK and LAN LEDs blink off (after about 15 seconds), release the DEFAULT button.
Type show version and record the setting of the configuration register. Click here to see output
of a show version command.
The configuration register setting is usually 0x2102 or 0x102.
Using the switch, turn off the router and then turn it on.
Press Break on the terminal keyboard within 60 seconds of the powerup to put the router into
ROMMON.
If the break sequence doesn't work, see Possible Key Combinations for Break Sequence During
Password Recovery for other key combinations.
Type enable secret .
Issue the no shutdown command on every interface that is used. If you issue a show ip interface
brief command, every interface that you want to use should be "up up".
Type config-register 0x2102, or the value you recorded in step 2.
Press Ctrl-z to leave the configuration mode.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
Software clause at DFARS sec. 252.227-7013.
Press RETURN to get started! (press Enter)
00:01:45: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
Router(config)#enable secret cisco
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console
Router#sh ip int brief
Interface IP-Address OK? Method Status Protocol
BRI0 unassigned YES TFTP administratively down down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down
Dialer0 unassigned YES TFTP up up
Dialer1 192.168.32.1 YES TFTP up up
Ethernet0 10.200.40.65 YES TFTP administratively down down
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int e 0
Router(config-if)#no shut
Router(config-if)#
00:04:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:04:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to
up
Router(config)#config-reg 0x2102
Router(config)#^Z
Router#
00:04:36: %SYS-5-CONFIG_I: Configured from console by console
Router#write mem
Cisco路由器口令的恢复(700)
This document describes the procedure for performing password recovery on Cisco 750/760
series routers using the NVRAM erase code ( or ). Choose the
appropriate Terminal Emulation Package (Windows95 and Windows3.1x instruction are
included).
At this point, reload the original software repeating step 2.
Procedure for performing a text/ascii transfer using Windows95 Hyperterminal
Choose Properties from the File Menu
Choose Settings Tab
Choose ASCII Setup Button
Make sure that both "Line Delay" and "Character Delay" are set to zero.
Make sure that "Send line ends with line feeds is check marked".
Click the OK Button on both screens.
The file is now being transferred to here may not be any indication that the file is
transferring except for the LINE LED on the front of the unit. While the transfer is occuring, the
LINE LED will be flashing rapidly on the front of the unit.
Cisco路由器口令的恢复(600)
The steps below describe how to recover a password on the Cisco 600 series of routers.
Step 1: Enter RMON mode.
To do this, follow the steps below:
Connect your PC to the console port of the router.
Set your Terminal Access Program (such as HyperTerminal in Windows) to the following
settings:
Baud rate: 38400 bps recommended (standard 9600 bps possible)
Data bits: 8
Step 3: Look for your encrypted password.
The text of the password will be altered by two letters. For example, using the key a = c, b = d, c
= e, and so on, the password "cisco" would be "agqam".
Step 4: (This step is optional.) Erase the current configuration.
An example is shown below:
=>es 6
Erasing
Sector erased
=>rb
the following prompt.
Begin ascii upload at 8n1/9600 baud.
Start the ascii file transfer of the image, for the 750 series or for the
760 series. These files are not interchangeable. This file must be treated as a text file for loading
into the unit via the console port. At 9600, the transfer takes approximately 12 minutes. While
the transfer is occuring, the LINE LED will be flashing rapidly. When the transfer is complete the
unit will respond with the following prompts and then reboot itself:
Firmware transfer successful.
Choose Send from the Transfer menu.
Locate file (may have to change Files of Type to All Files) and highlight it.
Click the OK Button.
The file is now being transferred to here may not be any indication that the file is
transferring except for the LINE LED on the front of the unit. While the transfer is occuring, the
LINE LED will be flashing rapidly on the front of the unit.
Procedure for performing a text/ascii transfer using Windows Terminal
Choose from the Settings Menu.
Make sure that "Standard Flow Control" is chosen.
Click the OK Button.
Baud rate: 38400 bps recommended (standard 9600 bps possible)
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
Power cycle the router (turn the router off, then on using the router's power switch)
As soon as you see the Hello! prompt, type Ctrl-C.
You are now in RMON mode.
Step 2: If you need to save the configuration file, execute the following command:
Hello!
CBOS v2.0.1.01
Note: This step reboots a Cisco 600 series router with no configuration. You will need to redo
the configuration and then use the write command to save the changes to NVRAM.
发布评论