Category: System Operations

2012-01-30 14:49:02

Password Recovery Procedure for Cisco 2900 and 3500 Switches
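Password recovery for Cisco series switches!
Password recovery methods for Cisco routers can be found everywhere, but very little has been written about password recovery on Cisco switches. After many experiments I finally found a way to recover the password on Cisco series switches, and I am sharing it here:
First, connect HyperTerminal to the switch's CONSOLE port:
I. Cisco 2900 and 3500 series
1. Power off the switch, hold down the "MODE" button, power the switch on, and release "MODE" once the LED of the first network port goes out;
2. The switch will not boot automatically; a prompt appears asking you to enter commands;
3. Enter: flash_init
4. Enter: load_helper
5. Enter: dir flash:
6. Enter: rename flash:config.text flash:config.old (note: renames the configuration file)
7. Enter: boot
8. At the "Continue with configuration dialog? [yes/no]" prompt, enter: n
9. At the prompt, enter: enable
10. Enter the command: rename flash:config.old flash:config.text (note: restores the configuration file name)
11. Enter the command: copy flash:config.text system:running-config (note: copies the configuration file into the running configuration)
12. Enter configuration mode and change the password;
13. Save and exit; the password has been changed.
II. Cisco 1900 series
Power off the switch, hold down the "MODE" button, power the switch on, then release "MODE". After startup the switch asks whether to clear the password; answer the prompt.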
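The switch is one of the most common and essential pieces of network equipment. As a basic building block of the network, its security is a primary concern for many engineers and network administrators.
  A switch is an indispensable network device in an organization's LAN.
  The LAN at my workplace uses 15 Cisco Catalyst 2950 switches. Managing the switches is an important duty of the network administrator. Switch passwords matter a great deal for network security and management, and a forgotten password is a serious loss for the administrator.
  This article uses the Catalyst 2950 and Catalyst 1900 series as examples to show how to recover a switch password.
  I. Password recovery on Catalyst 2950 series switches
  1. Establish the physical connection from the PC to the switch: use the RS232 CONSOLE cable (supplied with the switch) to connect the switch's CONSOLE port to the PC's COM port.
  2. Use HyperTerminal on the computer: open "Start - Programs - Accessories - Communications - HyperTerminal - New Connection" and first give the new connection a name.
  Then choose the port for the connection, usually COM1.
  Next set the connection parameters: click the "Restore Defaults" button, which sets the following: bits per second 9600, data bits 8, parity none, stop bits 1, flow control none.
  3. Power on the switch and, within 30 seconds of power-on, hold down the MODE button at the lower left of the switch's front panel.
  4. The switch enters BOOT mode and displays three options; enter the "flash_init" command to initialize the flash.
  5. Enter the "load_helper" command, then run the "dir flash:" command.
  6. Run rename flash:config.text flash:config.old to rename the configuration file that contains the password.
  7. Run the boot command to start the switch; this command takes a while to complete.
  When "Would you like to enter the initial configuration dialog? [yes/no]:" appears, enter "No".
  Then enter the enable command to reach the switch's privileged mode and run Switch#rename flash:config.old flash:config.text.
  8. Run copy flash:config.text system:running-config; this command copies the configuration file into the running system, which restores the switch's original configuration.
  9. Use the enable password or enable secret command to set a new password.
  10. Save the configuration with the write memory command and restart the switch; everything is OK.
  II. Password recovery on Catalyst 1900 series switches
  First connect the computer to the switch and use HyperTerminal.
  Then, within 30 seconds of power-on, hold down the MODE button and follow the system prompts to restore the configuration to factory defaults.
  Next enter BOOT mode and enter or run the commands described above in order. Finally, use the enable command to set a new password, save the configuration, and restart. No further detail is given here.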
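1
Do not power on the switch yet.
Connect the console cable to the switch (the model here is a 2900XL)
and connect the other end of the cable to the PC with an adapter.
Open HyperTerminal on the computer.
Setting up a HyperTerminal session is not described in detail here;
it is simple: just leave all settings at their defaults.
3
Confirm that all cables are connected,
then power on the switch while holding down the MODE button for about 10-15 seconds, until the following appears: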
C2900XL Boot Loader (C2900-HBOOT-M) Version 12.0(5.2)XU, MAINTENANCE INTERIM SOF
TWARE
Compiled Mon 17-Jul-00 18:19 by ayounes
starting...
Base ethernet MAC Address: 00:03:e3:b6:de:00
Xmodem file system is available.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
switch:
4
Enter the command
switch:flash_init
The following output appears.
switch: flash_init
Initializing Flash...
flashfs[0]: 110 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2780672
flashfs[0]: Bytes available: 832000
flashfs[0]: flashfs fsck took 6 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs installed, fsid: 3
Parameter Block Filesystem (pb installed, fsid: 4
5
Then enter load_helper; it prints nothing. Continue with step 6.
6
Then list the contents of flash.
This step is required.
Enter the command
switch:dir flash:
The following appears
switch: dir flash:
Directory of flash:/
2 -rwx 1645810 c2900XL-c3h2s-mz-120.5.2-XU.bin
3 -rwx 105970 c2900XL-diag-mz-120.5.2-XU
4 drwx 6784 html
111 -rwx 286 env_vars
113 -rwx 908 vlan.dat
114 -rwx 2052 config.text
832000 bytes available (2780672 bytes used)
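There is a config.text here; the rest of the procedure works on this file.
The switch loads this file when it starts; if we rename it, the switch no longer loads it:
switch:rename flash:config.text flash:config.back
This lets us get into the system without entering the password.
7
Then enter the boot command
to start the switch; the following appears.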
Loading "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"...##############################
################################################################################
#############################################
File "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"
oint: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE IN
TERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
Image text-base: 0x00003000, data-base: 0x00301F3C
Initializing C2900XL flash...
flashfs[1]: 110 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 3612672
flashfs[1]: Bytes used: 2780672
flashfs[1]: Bytes available: 832000
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initializ
...done Initializing C2900XL flash.
C2900XL POST: System Board Test: Passed
C2900XL POST: Daughter Card Test: Passed
C2900XL POST: CPU Buffer Test: Passed
C2900XL POST: CPU Notify RAM Test: Passed
C2900XL POST: CPU Interface Test: Passed
C2900XL POST: Testing Switch Core: Passed
C2900XL POST: Testing Buffer Table: Passed
C2900XL POST: Data Buffer Test: Passed
C2900XL POST: Configuring Switch Parameters: Passed
C2900XL POST: Ethernet Controller Test: Passed
C2900XL POST: MII Test: Passed
cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K byte
s of memory.
Processor board ID FAB0441T19K, with hardware revision 0x01
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:03:E3:B6E:00
Motherboard assembly number: 73-3382-08
Power supply part number: 34-0834-01
Motherboard serial number: FAB0440838L
Power supply serial number: DAB042636ZX
Model revision number: A0
Motherboard revision number: C0
Model number: WS-C2924-XL-EN
System serial number: FAB0441T19K
C2900XL INIT: Complete
00:00:28: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE IN
TERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
00:00:29: %SPANTREE-2-RECV_1Q_NON_TRUNK:
Received 802.1Q BPDU on non trunk FastEthernet0/1 on vlan 1.
00:00:29: %SPANTREE-2-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on vlan 1.
Inconsistent port type.
8
After startup you will see the familiar Continue with configuration dialog? [yes/no]:
Remember to enter n.
The next thing to do is to rename the file back to config.text:
Switch>en
Switch#rename flash:config.back flash:config.text
Destination filename [config.text]?
Press Enter.
9
Then
switch#copy flash:config.text system:running-config
The following output appears
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interfac
192.168.17.128 overlaps with VLAN1e FastEthernet0/16, changed state to administr
atively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface
2052 bytes copied in 5.736 secs (410 bytes/sec)
Switch#FastEthernet0/21, changed state to administratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administ
ratively down
Switch#
00:04:10: %SYS-5-CONFIG: Configured from by
Switch#
00:04:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on vlan 1
.
Port consistency restored.
10
Then enter config term
Switch#config ter
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
This enters terminal configuration mode.
Switch(config)#enable secret cisco
This sets the switch password to cisco.
Switch(config)#end
Switch#
00:05:59: %SYS-5-CONFIG_I: Configured from console by console
11
Switch#copy running-config start
Destination filename [startup-config]?
Building configuration...
12
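Exit privileged mode with disable, then enter
en
to test whether the new password works.
reload
Restart the switch and that is all.
The procedure is now complete.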
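The console messages in the walkthrough above (%SYS-5-RESTART, then %SYS-5-CONFIG_I from the console a few minutes later) are the trace this procedure leaves in a switch's log. The following Python code is an added example, not part of the original post: it flags that sequence in collected console or syslog output. The function names, the 600-second window and the second sample log are assumptions constructed for illustration.

```python
import re

# Uptime-stamped IOS console message, e.g.
# "00:05:59: %SYS-5-CONFIG_I: Configured from console by console"
MSG = re.compile(r"^(\d+):(\d{2}):(\d{2}): %([A-Z0-9_]+-\d-[A-Z0-9_]+): ?(.*)$")

def parse(lines):
    """Yield (uptime_seconds, message_id, text) for each matching line."""
    for line in lines:
        m = MSG.match(line.strip())
        if m:
            h, mi, s, msg_id, text = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), msg_id, text

def find_recovery_pattern(lines, window=600):
    """Return (restart_uptime, config_uptime) pairs where an anonymous
    console user changed the configuration within `window` seconds of a
    restart. Heuristic only: a legitimate first-time setup also matches."""
    findings, restart_at, last_t = [], None, 0
    for t, msg_id, text in parse(lines):
        if t < last_t:          # uptime went backwards: a reboot we did not see
            restart_at = None
        last_t = t
        if msg_id == "SYS-5-RESTART":
            restart_at = t
        elif (msg_id == "SYS-5-CONFIG_I" and restart_at is not None
              and text.strip() == "Configured from console by console"
              and t - restart_at <= window):
            findings.append((restart_at, t))
    return findings

# Lines taken from the console output shown in the walkthrough.
PAGE_SAMPLE = [
    "00:00:28: %SYS-5-RESTART: System restarted --",
    "00:00:29: %SPANTREE-2-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on vlan 1.",
    "00:04:10: %SYS-5-CONFIG: Configured from by",
    "00:05:59: %SYS-5-CONFIG_I: Configured from console by console",
]
# Constructed sample: a late console change, then a second boot followed
# by a change made by a named (authenticated) user.
NORMAL_SAMPLE = [
    "00:00:27: %SYS-5-RESTART: System restarted --",
    "06:30:12: %SYS-5-CONFIG_I: Configured from console by console",
    "00:00:30: %SYS-5-RESTART: System restarted --",
    "00:03:10: %SYS-5-CONFIG_I: Configured from console by netadmin on console",
]

if __name__ == "__main__":
    print(find_recovery_pattern(PAGE_SAMPLE), find_recovery_pattern(NORMAL_SAMPLE))
```

A hit is a reason to check who had physical access to the switch at that time, since the procedure requires the console port and the MODE button.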