ab168 posted on 2018-7-20 11:59:46

Cisco Router and Switch Password Cracking (by 小妞)

  Router model: 2621XM
  Lab steps:
  Router>show version
  …………………
  cisco 2621XM (MPC860P) processor (revision 0x200) with 126976K/4096K bytes of memory.
  Processor board>
  M860 processor: part number 5, mask 2
  Bridging software.
  X.25 software, Version 3.0.0.
  2 FastEthernet/IEEE 802.3 interface(s)
  4 Low-speed serial(sync/async) network interface(s)
  32K bytes of non-volatile configuration memory.
  32768K bytes of processor board System flash (Read/Write)
  
  Configuration register is 0x2102
  
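  Note: 0x2102 means the configuration file is loaded at boot.
  0x2142 means the configuration file is not loaded at boot.
  
  Power-cycle the router and press Ctrl+Break in HyperTerminal to reach the following screen (the Break key is the Esc key):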
  
  System Bootstrap, Version 12.2(8r) ,>
  Copyright (c) 2003 by cisco Systems, Inc.
  PC = 0xfff0ac3c, Vector = 0x500, SP = 0x680127c0
  C2600 platform with 131072 Kbytes of main memory
  
  PC = 0xfff0ac3c, Vector = 0x500, SP = 0x80004884
  
  monitor: command "boot" aborted due to user interrupt
  rommon 1 >
  
  Change the register value to 0x2142:
  rommon 1 > ?
  ….
  confreg             configuration register utility
  …..
  
  rommon 2 > confreg
  
  
  Configuration Summary
  (Virtual Configuration Register: 0x2102)
  enabled are:
  load rom after netboot fails
  console baud: 9600
  boot: image specified by the boot system commands
  or default to: cisco2-C2600
  
  do you wish to change the configuration? y/n:y
  enable"diagnostic mode"? y/n:n
  enable"use net in IP bcast address"? y/n:n
  disable "load rom after netboot fails"? y/n:n
  enable"use all zero broadcast"? y/n:n
  enable"break/abort has effect"? y/n:n
  enable"ignore system config info"? y/n:y
  change console baud rate? y/n:n
  change the boot characteristics? y/n:n
  
  
  Configuration Summary
  (Virtual Configuration Register: 0x2142)
  enabled are:
  load rom after netboot fails
  ignore system config info
  console baud: 9600
  boot: image specified by the boot system commands
  or default to: cisco2-C2600
  
  do you wish to change the configuration? y/n:
  
  
  You must reset or power cycle for new config to take effect
  rommon 3 >
  
  Restart the router with the reset command:
  rommon 3 > reset
  After it boots:
  Router>sh ver
  Cisco Internetwork Operating System Software
  ………
  Configuration register is 0x2142
  
  Router#sh run   // shows that the router is running the initial configuration
  
  Router#copy startup-config run
  Destination filename ?
  
  Slot is empty or does not support clock participate
  WIC slot is empty or does not support clock participate
  853 bytes copied in 0.956 secs (892 bytes/sec)
  Router#sh run
  Building configuration...
  enable password xunbo
  !
  
  Router#config
  Router(config)#no enable pass
  Router(config)#end
  Router#sh ru
  
  Router# copy run start
  Destination filename ?
  Building configuration...
  
  Router#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)#config 0x2102   // short for config-register 0x2102
  Router(config)#end
  
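  After the next restart, only the password has been removed; the rest of the configuration is still there.
  
  Switch model: 2950 series
  The switch differs from the router: the procedure does not involve the configuration register.
  
  Preparation:
  Switch(config)#enable pass xunbo
  Switch#copy run start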
  Destination filename ?
  Building configuration...
  
  Switch#dir /all
  Directory of flash:/
  
    2  -rwx      916  Mar 01 1993 00:04:09 +00:00  vlan.dat
    3  -rwx  3117090  Mar 01 1993 00:03:17 +00:00  c2950-i6q4l2-mz.121-22.EA7.bin
    4  drwx     4160  Mar 01 1993 00:03:50 +00:00  html
  375  -rwx        5  Mar 01 1993 00:26:31 +00:00  private-config.text
  376  -rwx      831  Mar 01 1993 00:26:31 +00:00  config.text
  Switch#more config.text
  !
  enable password xunbo
  
  After a restart:
  Switch>en
  Password:
  
  A password is required. Now suppose we do not know it.
  1) Power-cycle the switch and hold the Mode button during startup until this appears:
  The system has been interrupted prior to initializing the
  flash filesystem.  The following commands will initialize
  the flash filesystem, and finish loading the operating
  system software:
  
  flash_init
  load_helper
  boot
  
  switch:
  2)
  switch: flash_init
  Initializing Flash...
  flashfs: 371 files, 4 directories
  flashfs: 0 orphaned files, 0 orphaned directories
  flashfs: Total bytes: 7741440
  flashfs: Bytes used: 4739072
  flashfs: Bytes available: 3002368
  flashfs: flashfs fsck took 7 seconds.
  ...done initializing flash.
  Boot Sector Filesystem (bs:) installed, fsid: 3
  Parameter Block Filesystem (pb:) installed, fsid: 4
  3)
  switch: dir flash:
  Directory of flash:/
  
    2  -rwx      916  <date>  vlan.dat
    3  -rwx  3117090  <date>  c2950-i6q4l2-mz.121-22.EA7.bin
    4  drwx     4160  <date>  html
  375  -rwx        5  <date>  private-config.text
  376  -rwx      831  <date>  config.text
  4)
  switch: rename flash:config.text flash:config.old
  switch: dir flash:
  Directory of flash:/
  
    2  -rwx      916  <date>  vlan.dat
    3  -rwx  3117090  <date>  c2950-i6q4l2-mz.121-22.EA7.bin
    4  drwx     4160  <date>  html
  375  -rwx        5  <date>  private-config.text
  376  -rwx      831  <date>  config.old
  5)
  switch: boot   // restart
  
  Switch>en
  Switch#
  00:01:31: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
  Switch#
  Switch#
  Switch#sh run
  The switch is back to the factory-default configuration.
  6)
  Switch#rename flash:config.old flash:config.text
  
  Switch#copy start run
  %% Non-volatile configuration memory invalid or not present   // not sure why this does not work
  
  Switch#copy flash:config.text system:running-config
  Destination filename ?
  831 bytes copied in 0.716 secs (1161 bytes/sec)
  
  Switch#sh run
  hostname Switch
  !
  enable password xunbo
  
  7) Next, remove the password:
  
  Switch#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Switch(config)#no enable pass xunbo
  Switch(config)#end
  Switch#
  00:09:05: %SYS-5-CONFIG_I: Configured from console by console
  Switch#write
  Building configuration...
  
  Switch#dir flash:
  Directory of flash:/
  
    2  -rwx      916  Mar 01 1993 00:04:09 +00:00  vlan.dat
    3  -rwx  3117090  Mar 01 1993 00:03:17 +00:00  c2950-i6q4l2-mz.121-22.EA7.bin
    4  drwx     4160  Mar 01 1993 00:03:50 +00:00  html
  374  -rwx        5  Mar 01 1993 00:09:16 +00:00  private-config.text
  376  -rwx      809  Mar 01 1993 00:09:16 +00:00  config.text
  
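  Done!!!
  
  Key points to remember: cracking the password on a switch is different from doing it on a router.
  On the switch, the configuration register is not involved.
  Steps for the switch: rename the original configuration, power-cycle, hold the Mode button, then load the renamed configuration (with its password) back in.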
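
The router half of the procedure above turns on a single bit of the configuration register: 0x2142 differs from 0x2102 only in bit 6 (0x0040), which confreg reports as "ignore system config info". The following Python code is an added example, not part of the original post: it decodes the register and checks `show version` text for a device that is still in that state or is about to leave it. The sample lines are constructed, and the "(will be ... at next reload)" suffix is the form IOS prints after the register has been changed from configuration mode.

```python
import re

# Bits of the 16-bit IOS configuration register, named as the confreg
# utility in the post prints them (bit 8 is the inverse of its
# "break/abort has effect" prompt).
FLAGS = {
    0x0040: "ignore system config info",     # bit 6: startup-config skipped at boot
    0x0100: "break/abort disabled",          # bit 8
    0x2000: "load rom after netboot fails",  # bit 13
    0x8000: "diagnostic mode",               # bit 15
}
IGNORE_CONFIG = 0x0040

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Return (boot_field, flag_names) for a configuration register value."""
    names = [name for bit, name in sorted(FLAGS.items()) if value & bit]
    return value & 0x000F, names

def audit_show_version(text):
    """Report whether the device skipped, or will skip, its startup-config."""
    m = REGISTER_LINE.search(text)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": current,
        "next_boot": next_boot,
        "ignoring_now": bool(current & IGNORE_CONFIG),
        "ignoring_next_boot": bool(next_boot & IGNORE_CONFIG),
    }

# Constructed sample lines, modelled on the `show version` output in the post.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "left in recovery state": "Configuration register is 0x2142",
    "restored, reload pending":
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        result = audit_show_version(line)
        print(label, decode_confreg(result["current"]), result)
```

A router that still reports 0x2142 with no pending change will come up with an empty configuration on every reload, so this check belongs at the end of any recovery session and in routine inventory collection.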
  