|
|
Cisco路由器交换机密码破解(小妞作品)
路由器设备型号:2621XM
实验步骤:
Router>show version
…………………
cisco 2621XM (MPC860P) processor (revision 0x200) with 126976K/4096K bytes of memory.
Processor board>
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
4 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
注意:0x2102 是指开机时加载配置文件
0x2142 是指开机时不加载配置文件
断电重启,在超级终端里按下ctr+break键,进入画面(break键就是esc键)
System Bootstrap, Version 12.2(8r) [cmong 8r],>
Copyright (c) 2003 by cisco Systems, Inc.
PC = 0xfff0ac3c, Vector = 0x500, SP = 0x680127c0
C2600 platform with 131072 Kbytes of main memory
PC = 0xfff0ac3c, Vector = 0x500, SP = 0x80004884
monitor: command "boot" aborted due to user interrupt
rommon 1 >
把寄存器值改成0x2142
rommon 1 > ?
….
confreg configuration register utility
…..
rommon 2 > confreg
Configuration Summary
(Virtual Configuration Register: 0x2102)
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]: n
disable "load rom after netboot fails"? y/n [n]: n
enable "use all zero broadcast"? y/n [n]: n
enable "break/abort has effect"? y/n [n]: n
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: n
change the boot characteristics? y/n [n]: n
Configuration Summary
(Virtual Configuration Register: 0x2142)
enabled are:
load rom after netboot fails
ignore system config info
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect
rommon 3 >
用命令重启路由器
rommon 3 > reset
开机之后
Router>sh ver
Cisco Internetwork Operating System Software
………
Configuration register is 0x2142
Router#sh run 会发现是初始配置
Router#copy startup-config run
Destination filename [running-config]?
Slot is empty or does not support clock participate
WIC slot is empty or does not support clock participate
853 bytes copied in 0.956 secs (892 bytes/sec)
Router#sh run
Building configuration...
enable password xunbo
!
Router#config
Router(config)#no enable pass
Router(config)#end
Router#sh ru
Router# copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config 0x2102
Router(config)#end
这样重启之后只是删了密码,但是配置还在。
交换机型号2950系列
交换机与路由器不一样,与寄存器无关
准备工作:
Switch(config)#enable pass xunbo
Switch#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#dir /all
Directory of flash:/
2 -rwx 916 Mar 01 1993 00:04:09 +00:00 vlan.dat
3 -rwx 3117090 Mar 01 1993 00:03:17 +00:00 c2950-i6q4l2-mz.121-22.EA7.bin
4 drwx 4160 Mar 01 1993 00:03:50 +00:00 html
375 -rwx 5 Mar 01 1993 00:26:31 +00:00 private-config.text
376 -rwx 831 Mar 01 1993 00:26:31 +00:00 config.text
Switch#more config.text
!
enable password xunbo
重启之后
Switch>en
Password:
需要密码,现在我们假如不知道密码
1)断电重启,在启动的过程按住mode键,直到进入
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
2)
switch: flash_init
Initializing Flash...
flashfs[0]: 371 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4739072
flashfs[0]: Bytes available: 3002368
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
3)switch: dir flash:
Directory of flash:/
2 -rwx 916 <date> vlan.dat
3 -rwx 3117090 <date> c2950-i6q4l2-mz.121-22.EA7.bin
4 drwx 4160 <date> html
375 -rwx 5 <date> private-config.text
376 -rwx 831 <date> config.text
4)
switch: rename flash:config.text flash:config.old
switch: dir flash:
Directory of flash:/
2 -rwx 916 <date> vlan.dat
3 -rwx 3117090 <date> c2950-i6q4l2-mz.121-22.EA7.bin
4 drwx 4160 <date> html
375 -rwx 5 <date> private-config.text
376 -rwx 831 <date> config.old
5)
switch: boot//重启
Switch>en
Switch#
00:01:31: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
Switch#
Switch#
Switch#sh run
恢复出厂配置
6)
Switch#rename flash:config.old flash:config.text
Switch#copy start run
%% Non-volatile configuration memory invalid or not present //不知道为什么行不通
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
831 bytes copied in 0.716 secs (1161 bytes/sec)
Switch#sh run
hostname Switch
!
enable password xunbo
7)接下来删掉密码
Switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no enable pass xunbo
Switch(config)#end
Switch#
00:09:05: %SYS-5-CONFIG_I: Configured from console by console
Switch#write
Building configuration...
[OK]
Switch#dir flash:
Directory of flash:/
2 -rwx 916 Mar 01 1993 00:04:09 +00:00 vlan.dat
3 -rwx 3117090 Mar 01 1993 00:03:17 +00:00 c2950-i6q4l2-mz.121-22.EA7.bin
4 drwx 4160 Mar 01 1993 00:03:50 +00:00 html
374 -rwx 5 Mar 01 1993 00:09:16 +00:00 private-config.text
376 -rwx 809 Mar 01 1993 00:09:16 +00:00 config.text
大功告成!!!
记住要点:交换机与路由器的破解不一样。
交换机与寄存器无关。
破解交换机的步骤:把原来的配置改名,断电重启,按住mode键,把命名后的密码重新导入。
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-7-20 11:59:46
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡