cisco路由器密码全攻略胜一筹
1、首先在试验之前我们要理解路由器的工作原理:路由器在开机时首先会进行POST,检查硬件无故障后先读取ROM里的BootStrap程序进行初步引导。
2、初步引导完成后,尝试定位并读取完整的IOS镜像文件。在这里,路由器将会首先在FLASH中查找IOS文件,如果找到了IOS文件的话,那么读取IOS文件,引导路由器。
4. 如果在FLASH中没有找到IOS文件的话,那么路由器将会进入BOOT模式,在BOOT模式下可以使用TFTP上的IOS文件。或者使用TFTP/X-MODEM来给路由器的FLASH中传一个IOS文件(一般我们把这个过程叫做灌IOS)。传输完毕后重新启动路由器,路由器就可以正常启动到CLI模式。
5. 当路由器初始化完成IOS文件后,就会开始在NVRAM中查找STARTUP-CONFIG文件,STARTUP-CONFIG叫做启动配置文件。该文件里保存了我们对路由器所做的所有的配置和修改。当路由器找到了这个文件后,路由器就会加载该文件里的所有配置,并且根据配置来学习、生成、维护路由表,并将所有的配置加载到RAM(路由器的内存)里后,进入用户模式,最终完成启动过程。
6. 如果在NVRAM里没有STARTUP-CONFIG文件,则路由器会进入询问配置模式,也就是俗称的问答配置模式,在该模式下所有关于路由器的配置都可以以问答的形式进行配置。
在上面第5步我们会有所发现,只要我们跳过加载startup-config文件,不就是可以不需要密码进入了?因为我们所有的配置文件running-config完成配置后都需要cp running-config startup-config将内存的配置拷贝到NVRAM,这样才会保证重新加电时配置丢失,这里我们可以通过修改寄存器的值来实现这一过程。
下面是实验过程:
a、在打开路由器开关时,按下ctrl+break键进入ROM监控模式
monitor: command "boot" aborted due to user interrupt
rommon 1 >
b、修改寄存器值ox2102为ox2142
rommon 1 > confreg 0x2142
c、重启路由器
rommon 2 >
System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2003 by cisco Systems,
C1700 platform with 65536 Kbytes of main memory
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > reset
?
System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2003 by cisco Systems, Inc.
C1700 platform with 65536 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x553334
Self decompressing the image : #################################################
################################################### [OK]
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
MainBoard 0X00027A80 1721
0X000F3BB0 public buffer pools
0X00211000 public particle pools
0X0039 0X0000DC00 Card in slot 0
0X0012 0X0001B800 Card in slot 1
TOTAL: 0X00355A30
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem
system operation may be compromised.
Allocating additional 8035419 bytes to IO Memory.
PMem allocated: 55576949 bytes; IOMem allocated: 11531915 bytes
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.3(5b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 16-Jan-04 05:16 by kellythw
Image text-base: 0x80008120, data-base: 0x809FA874
cisco 1721 (MPC860P) processor (revision 0x300) with 54274K/11262K bytes of memo
ry.
Processor board ID FOC080503Y4 (2190598144), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
d、选择no,进入用户模式,enable进入特权模式,将startup-config文件复制到running-config文件中
Router>
Router>en
Router#copy start run
Destination filename [running-config]?
592 bytes copied in 0.620 secs (955 bytes/sec)
Router#
e、修改控制台口令和特权模式口令
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#li
Router(config)#line co
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#pass
Router(config-line)#password 123
Router(config)#ena
Router(config)#enable pa
Router(config)#enable password 123
f、修改后保存配置文件
Router#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router#