cisco 2950 3550 3750 系列交换机密码破解
#本文中仅以2950 交换机为例进行说明
破解密码原则:只删除密码 ,不破坏配置
#本文中的#号表示注释的意思
#第一步. 连接交换机的console口到终端
#第二步. 按住交换机面板上的mode键的同时 插入电源,松开mode键
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(6)EA2c, RELEASE SOFTWARE (fc1)
Compiled Thu 28-Feb-02 14:59 by antonino
WS-C2950C-24 starting...
Base ethernet MAC Address: 00:09:e8:b4:45:40
Xmodem file system is available.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
----------------------------------
#
#flash_init :初始化flash文件系统
#load_helper :加载帮助文件
#boot :启动设备进入正常的模式
switch: flash_init
#第三步 这里我们选择初始化 flash
Initializing Flash...
flashfs[0]: 17 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4502528
flashfs[0]: Bytes available: 3238912
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: rename flash:config.text flash:config.old
#第四步 改名含有password的配置文件
switch: boot
#第五步 启动交换机
Loading "flash:c2950-i6q4l2-mz.121-9.EA1.bin"...################################
Done initializing flashfs.
POST: System Boa
##################################################ST: Ethernet Controller
nt: 0x80010000 interface(s)
executing...
Restricted Rights Legendted non-volatile configuration memory.
Use, duplication, or disclosure by the Government is
Base ethernet MAC Address: 00:09:E8:B4:45:
subject to restrictions as set forth in subparagraphboard assembly number: 73-5750-10
(c) of the Commercial Computer Software - Restricted5-01
Motherboard
Rights clause at FAR sec. 52.227-19 and subparagraph
Power supply serial n
170 West Tasman Drive type vlan
San Jose, California 95134-1706
00:00:17: %SYS-5-CONFIG_I: Confi
Cisco Internetwork Operating System Software
00:
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1, RELEASE SOFTWARE (
Cisco Internetwork Operating System Software
fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc., Version 12.1(9)EA1, RELEASE SOFTWARE (
Compiled Wed 24-Apr-02 06:57 by antonino
fc1)
Image text-base: 0x80010000, data-base: 0x804E8000
Compi
Initializing flashfs... antonino
flashfs[1]: flashfs fsck took 7 seconds.40
flashfs[1]: Initialization complete.e.
I
Done initializing flashfs.
flashfs[0]:
POST: System Board Test : Passed
flash
POST: Ethernet Controller Test : Passedctories
ASIC Initialization Passeds[0]: Total bytes: 7741440
POST: FRONT-END LOOPBACK TEST : Passed[0]: Bytes used: 4502528
cisco WS-C2950C-24 (RC32300) processor (revision E0) with 20815K bytes of memory
flashfs[0]: flashfs fsck took 6 second
.
Base ethernet MAC Address: 00:09:E8:B4:45:40############################################
Motherboard assembly number: 73-5750-10
Power supply part number: 34-0965-01
###################################
Motherboard serial number: FOC062403UM######
System serial number: FOC0624X14E
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
#第七步 选择n然后回车然后我们就会绕过原来的password
Switch>
Switch>
#八 进入特权模式
Switch>en
#这时开机已经忽略了password
Switch#rename flash:config.old flash:config.text
#第九步 恢复交换机配置文件
Destination filename [config.text]?
Switch#copy flash:config.text system:running
Switch#copy flash:config.text system:running-config
#第十步 copy 配置文件到当前系统中
Destination filename [running-config]?
1542 bytes copied in 1.704 secs (1542 bytes/sec)
Switch#
#########################################################################Current configuration : 1522 bytes
!
v
#十一步 修改口令
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable secret cisco
Switch(config)#line cons 0
Switch(config-line)#pass cisco
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#
-------------
Switch(config)#exit
Switch#
00:05:47: %SYS-5-CONFIG_I: Configured from console by console
Switch#copy run start
#十二步 保存配置
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#
-=--------
Switch#reload
#重新启动
-----------
Press RETURN to get started!
00:00:14: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:17: %SYS-5-CONFIG_I: Configured from memory by console
00:00:17: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1, RELEASE SOFTWARE (
fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 24-Apr-02 06:57 by antonino
00:00:18: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively do
wn
00:00:19: %LINEPRO
User Access Verification
Password: TO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Password:
Switch>en
Password:
Switch#