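Hands-on lab: switch No. 5, Machine Room 1, fourth floor
How to brute-force the password of a WS-CISCO-2950-24 switch
Using S5 as the example
Method 1: brute force (simply delete the configuration file that stores the password)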
 
Log in remotely to the switch terminal server
Start -> Run: telnet 172.16.3.200 to log in remotely to the switch terminal server
User Access Verification
 
Username: benet.cn   (login account)
Password: benet.cn   (login password; the password is not echoed)
 
swich-Server#s5   (connect to switch No. 5)
Trying s5 (1.1.1.1, 2005)... Open
 
Power off switch No. 5, hold down the MODE button on the switch, and power switch 5 back on; release MODE once the switch: prompt appears during startup.
 
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950SX-24 starting...
Base ethernet MAC Address: 00:0d:28:9b:4d:80
Xmodem file system is available.
 
The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
 
    flash_init
    load_helper
    boot
 
switch: flash_init   (initialize the switch's flash file system)
Initializing Flash...
flashfs[0]: 10 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 2679808
flashfs[0]: Bytes available: 5061632
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: dir flash:   (list the files in switch No. 5's flash)
Directory of flash:/
 
2    -rwx  1469                     ?
3    drwx  128                      lost+found
5    -rwx  1469                     config.old
8    -rwx  1004                     vlan.dat
9    -rwx  1472                     up
7    -rwx  2664051                  c2950-i6q4l2-mz.121-11.EA1.bin
10   -rwx  1460                     y
11   -rwx  1670                     config.old2
12   -rwx  5                        private-config.text   (where the switch password is stored)
 
5061632 bytes available (2679808 bytes used)
switch: del flash:private-config.text   (delete the file that stores the switch password directly)
Are you sure you want to delete "flash:private-config.text" (y/n)?y
File "flash:private-config.text" deleted
switch: dir flash:   (list the files in switch No. 5's flash)
Directory of flash:/
 
2    -rwx  1469                     ?
3    drwx  128                      lost+found
5    -rwx  1469                     config.old
8    -rwx  1004                     vlan.dat
9    -rwx  1472                     up
7    -rwx  2664051                  c2950-i6q4l2-mz.121-11.EA1.bin
10   -rwx  1460                     y
11   -rwx  1670                     config.old2
 
5062144 bytes available (2679296 bytes used)
switch: boot   (restart the switch; or use reset)
###############################################################################
 
File "flash:/c2950-i6q4l2-mz.121-11.EA1.bin" uncompressed and installed, entry p
oint: 0x80010000
executing...
 
              Restricted Rights Legend
 
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
 
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
 
 
 
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000
 
 
Initializing flashfs...
flashfs[1]: 9 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 2679296
flashfs[1]: Bytes available: 5062144
flashfs[1]: flashfs fsck took 6 seconds.
flashfs[1]: Initialization complete.
Done initializing flashfs.
POST: System Board Test : Passed
POST: Ethernet Controller Test : Passed
ASIC Initialization Passed
cisco WS-C2950SX-24 (RC32300) processor (revision B0) with 20402K bytes of memor
y.
Processor board ID FOC0925X3G0
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)
 
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:28:9B:4D:80
Motherboard assembly number: 73-5781-12
Power supply part number: 34-0965-01
Motherboard serial number: 28-4641-05
Power supply serial number: PHI071407DY
Model revision number: B0
Motherboard revision number: B0
Model number: WS-C2950-24
System serial number: FOC0925X3G0
 
         --- System Configuration Dialog ---
 
Would you like to enter the initial configuration dialog? [yes/no]: no
 
 
 
Press RETURN to get started!
 
 
00:00:13: POST: Loop back Test Failed on GigabitEthernet0/1. State:Disabled
 
00:00:13: POST: Loop back Test Failed on GigabitEthernet0/2. State:Disabled
 
00:00:13: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:17: Gi0/1 can't be brought up because it failed POST in loopback test
00:00:17: Gi0/2 can't be brought up because it failed POST in loopback test
00:00:17: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C29
Switch>
Switch>
Switch>
Switch>
Switch>50-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antoninocpd_port_enable: port 24 xcvr_enable_lin
k: FALSE
cpd_port_enable: port 25 xcvr_enable_link: FALSE
 
00:00:19: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, ch
anged state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, ch
anged state to down
00:00:20: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively do
wn
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, ch
anged state to up
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, ch
anged state to up
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state t
o down
Switch>
Switch>
Switch>enable   (enter privileged EXEC mode)
Switch#config  terminal   (enter global configuration mode)
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#
 
 
 
 
/*****************************************************************************/
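Method 2: password recovery (change the extension of the configuration file that stores the switch password so that the switch bypasses the configuration file (config.text) at startup and you can enter privileged mode; then restore the file's extension, change the password in global configuration mode, and save the current configuration)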
/*****************************************************************************/
Log in remotely to the switch terminal server
Start -> Run: telnet 172.16.3.200 to log in remotely to the switch terminal server
User Access Verification
 
Username: benet.cn   (login account)
Password: benet.cn   (login password; the password is not echoed)
 
swich-Server#s5   (connect to switch No. 5)
Trying s5 (1.1.1.1, 2005)... Open
 
Power off switch No. 5, hold down the MODE button on the switch, and power switch 5 back on; release MODE once the switch: prompt appears during startup.
 
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950SX-24 starting...
Base ethernet MAC Address: 00:0d:28:9b:4d:80
Xmodem file system is available.
 
The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
 
    flash_init
    load_helper
    boot
 
switch: flash_init   (initialize the switch's flash file system)
Initializing Flash...
flashfs[0]: 10 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 2679808
flashfs[0]: Bytes available: 5061632
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: dir flash:   (list the files in switch No. 5's flash)
Directory of flash:/
 
2    -rwx  1469                     ?
3    drwx  128                      lost+found
5    -rwx  1469                     config.old
8    -rwx  1004                     vlan.dat
9    -rwx  1472                     up
7    -rwx  2664051                  c2950-i6q4l2-mz.121-11.EA1.bin
10   -rwx  1460                     y
11   -rwx  1670                     config.old2
12   -rwx  5                        private-config.text   (where the switch password is stored)
 
5061632 bytes available (2679808 bytes used)
 
switch: rename flash:config.text flash:config.old   (rename config.text to config.old)
switch: dir flash:   (list the files now in switch No. 5's flash)
Directory of flash:/
 
2    -rwx  1469                     ?
3    drwx  128                      lost+found
8    -rwx  1004                     vlan.dat
9    -rwx  1472                     up
7    -rwx  2664051                  c2950-i6q4l2-mz.121-11.EA1.bin
10   -rwx  1460                     y
12   -rwx  1496                     config.old
 
5063680 bytes available (2677760 bytes used)
switch: boot   (restart switch 5; or use reset)
################################################################################
 
File "flash:/c2950-i6q4l2-mz.121-11.EA1.bin" uncompressed and installed, entry p
oint: 0x80010000
executing...
 
              Restricted Rights Legend
 
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
 
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
 
 
 
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000
 
 
Initializing flashfs...
flashfs[1]: 9 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 2677760
flashfs[1]: Bytes available: 5063680
flashfs[1]: flashfs fsck took 6 seconds.
flashfs[1]: Initialization complete.
Done initializing flashfs.
POST: System Board Test : Passed
POST: Ethernet Controller Test : Passed
ASIC Initialization Passed
cisco WS-C2950SX-24 (RC32300) processor (revision B0) with 20402K bytes of memor
y.
Processor board ID FOC0925X3G0
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)
 
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:28:9B:4D:80
Motherboard assembly number: 73-5781-12
Power supply part number: 34-0965-01
Motherboard serial number: 28-4641-05
Power supply serial number: PHI071407DY
Model revision number: B0
Motherboard revision number: B0
Model number: WS-C2950-24
System serial number: FOC0925X3G0
 
         --- System Configuration Dialog ---
 
Would you like to enter the initial configuration dialog? [yes/no]:
00:00:13: POST: Loop back Test Failed on GigabitEthernet0/1. State:Disabled
 
00:00:13: POST: Loop back Test Failed on GigabitEthernet0/2. State:Disabled
 
00:00:13: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:17: Gi0/1 can't be brought up because it failed POST in loopback test
00:00:17: Gi0/2 can't be brought up because it failed POST in loopback test
00:00:17: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antoninocpd_port_enable: port 24 xcvr_enable_lin
k: FALSE
cpd_port_enable: port 25 xcvr_enable_link: FALSE
 
00:00:19: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, ch
anged state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, ch
anged state to up
00:00:51: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state t
o up
% Please answer 'yes' or 'no'.
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
 
 
 
Press RETURN to get started!
 
 
Switch>
00:01:01: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively do
wn
00:01:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state t
o down
Switch>enable   (enter privileged EXEC mode)
Switch#dir flash:
Directory of flash:/
 
    2  -rwx        1469   Mar 01 1993 00:06:29  ?
    3  drwx         128   Mar 01 1993 00:00:07  lost+found
    8  -rwx        1004   Mar 01 1993 03:36:00  vlan.dat
    9  -rwx        1472   Mar 01 1993 00:18:51  up
    7  -rwx     2664051   Mar 01 1993 00:02:42  c2950-i6q4l2-mz.121-11.EA1.bin
   10  -rwx        1460   Mar 01 1993 00:02:20  y
   12  -rwx        1496   Mar 01 1993 00:01:29  config.old   (the renamed file)
 
7741440 bytes total (5063680 bytes free)
Switch#rename flash:config.old flash:config.text   (rename the modified file back)
Destination filename [config.text]?
%Error renaming flash:config.old to flash:config.text (No such file or directory
)
Switch#dir flash:
Directory of flash:/
 
    2  -rwx        1469   Mar 01 1993 00:06:29  ?
    3  drwx         128   Mar 01 1993 00:00:07  lost+found
    8  -rwx        1004   Mar 01 1993 03:36:00  vlan.dat
    9  -rwx        1472   Mar 01 1993 00:18:51  up
    7  -rwx     2664051   Mar 01 1993 00:02:42  c2950-i6q4l2-mz.121-11.EA1.bin
   10  -rwx        1460   Mar 01 1993 00:02:20  y
   12  -rwx        1496   Mar 01 1993 00:01:29  config.text   (the file renamed back)
  
7741440 bytes total (5063680 bytes free)
Switch#copy running-config startup-config   (save the current configuration; or use write)
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#exit
 
Switch con0 is now available
Press RETURN to get started.
Switch>
Switch>
Switch>enable   (enter privileged EXEC mode)
Switch#
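
Added example, not part of the original lab notes: both methods leave the same trail on the console (the interrupted boot loader banner, a del or rename of a configuration file at the switch: prompt, then the initial configuration dialog), so a session capture from the terminal server can be audited for it. The rule names, function names and the sample capture are constructed for illustration, and the sketch assumes console sessions are logged as plain text.

```python
import re

# Markers taken from the console output shown in this write-up.
RULES = [
    ("bootloader_interrupted",
     re.compile(r"The system has been interrupted prior to initializing")),
    ("config_file_deleted",
     re.compile(r"^switch:\s*del(?:ete)?\s+flash:(?:private-)?config\.text", re.I)),
    ("config_file_renamed",
     re.compile(r"^switch:\s*rename\s+flash:config\.text\s+\S+", re.I)),
    ("booted_without_startup_config",
     re.compile(r"Would you like to enter the initial configuration dialog\?")),
]

def audit_console_log(text):
    """Return (line_number, rule_name) findings, one per rule per boot cycle."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if "Boot Loader" in line:  # new power cycle: reset de-duplication
            seen.clear()
        for name, pattern in RULES:
            if name not in seen and pattern.search(line):
                seen.add(name)
                findings.append((lineno, name))
    return findings

def is_recovery_sequence(findings):
    """True when a boot-loader interrupt is followed by a config file change."""
    names = [name for _, name in findings]
    if "bootloader_interrupted" not in names:
        return False
    later = names[names.index("bootloader_interrupted") + 1:]
    return "config_file_deleted" in later or "config_file_renamed" in later

# Constructed sample capture, abridged from the session format shown above.
SAMPLE = """\
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
The system has been interrupted prior to initializing the
switch: flash_init
switch: del flash:private-config.text
switch: boot
Would you like to enter the initial configuration dialog? [yes/no]:
Would you like to enter the initial configuration dialog? [yes/no]: no
"""

if __name__ == "__main__":
    findings = audit_console_log(SAMPLE)
    print(findings, is_recovery_sequence(findings))
```

A hit on is_recovery_sequence for a switch with no scheduled maintenance is worth correlating with physical access records, since the MODE-button interrupt requires someone at the device.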