Recover enable password on Cisco Devices

It will happen to you… So it is better to be prepared.

Tools:

  • Console cable
  • Terminal software (PuTTY or something else)
  • Patience… lots of it

Router C2811

MY-ROUTER>en
Password:
Password:
Password:
% Bad passwords

MY-ROUTER>

Connect your PC to the Router using the console cable (physical access to the device is required).

Open the terminal software.

Power off the Router and then power it back on.

Press the Ctrl + Break keys when the Router starts to boot up.

MY-ROUTER>

System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2009 by cisco Systems, Inc.
c2811 platform with 524288 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC disabled

Upgrade ROMMON initialized
rommon 1 >

Once in rommon, change the configuration register so that the Router does not load the previous configuration, and then boot the device again.

rommon 1 > confreg 0x2142

rommon 2 > reset
c2811 platform with 524288 Kbytes of main memory

The Router will boot with a clean configuration and no password.

Enter privileged EXEC mode (no password is required) and then copy the previous configuration to the running-config.

         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1287 bytes copied in 0.320 secs (4022 bytes/sec)

MY-ROUTER#

At this point the previous configuration is loaded into running-config.

Change the enable password, since you now have access to configuration mode.

MY-ROUTER#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MY-ROUTER(config)#enable secret cisco12345

Reconfigure the configuration register to default.

MY-ROUTER(config)#config-register 0x2102

Copy the current configuration, with the new password, to the startup-config and reload the device.

MY-ROUTER#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
MY-ROUTER#reload

Switch C2960

MY-SWITCH>enable
Password:
Password:
Password:
% Bad secrets

MY-SWITCH>

Connect your PC to the SWITCH using the console cable (physical access to the device is required).

Open the terminal software.

Power off the SWITCH and then power it back on.

Press the mode button on the front of the SWITCH for +/- 10 secs while it starts to boot up.

The SYST LED blinks amber and then turns dark; when you release the button, the SYST LED starts to blink green.

When you return to the console, it should be at the switch: prompt.

The system has been interrupted prior to initializing the
flash filesystem.  The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
    flash_init
    boot
switch:

At this point you should initialize the flash and verify the files inside it.

switch: flash_init
<output omitted>
...done Initializing Flash.

switch: dir flash:
Directory of flash:/

    3  -rwx  11797699  <date>               c2960-lanbasek9-mz.150-2.SE7.bin
  550  -rwx  4940      <date>               config.text

10277888 bytes available (22236160 bytes used)

switch:

The config.text file contains the previous configuration, so rename it to prevent it from loading on the next boot.

Reboot the device.

switch: rename flash:config.text flash:config.bkp

switch: dir flash:
Directory of flash:/
    3  -rwx  11797699  <date>               c2960-lanbasek9-mz.150-2.SE7.bin
  550  -rwx  4940      <date>               config.bkp

10277888 bytes available (22236160 bytes used)

switch: reset
Are you sure you want to reset the system (y/n)?y
System resetting...

The SWITCH will boot with a clean configuration and no password.

Enter privileged EXEC mode (no password is required) and then copy the config.bkp file to the running-config.

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>enable
Switch#copy flash:config.bkp running-config
MY-SWITCH#

At this point the previous configuration is loaded into running-config.

Change the enable password, since you now have access to configuration mode.

MY-SWITCH#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
MY-SWITCH(config)#enable secret cisco12345

Delete the backup file from flash.

MY-SWITCH#delete flash:config.bkp
Delete filename [config.bkp]?
Delete flash:/config.bkp? [confirm]
MY-SWITCH#

Copy the current configuration, with the new password, to the startup-config and reload the device.

MY-SWITCH#write memory
Building configuration...
[OK]
MY-SWITCH#reload

ASA 5510

MY-ASA> enable
Password: ********
Invalid password
Password: ******** 
Invalid password
Password: ******** 
Invalid password
Access denied.
MY-ASA>

Connect your PC to the ASA using the console cable (physical access to the device is required).

Open the terminal software.

Power off the ASA and then power it back on.

Press the Ctrl + Break keys when the ASA starts to boot up.

MY-ASA>

Booting system, please wait...

Platform ASA5510

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

Management0/0
Ethernet auto negotiation timed out.
Interface-4 Link Not Established (check cable).

Default Interface number-4 Not Up

Use ? for help.
rommon #0>

Once in rommon, change the configuration register so that the ASA does not load the previous configuration, and then boot the device again.

rommon #0> confreg 0x41

Update Config Register (0x41) in NVRAM...

rommon #1> boot
Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /asa842-k8.bin...

The ASA will boot with a clean configuration and no password.

Enter privileged EXEC mode (no password is required) and then copy the previous configuration to the running-config.

Type help or '?' for a list of available commands.
ciscoasa> en
Password:
ciscoasa# copy startup-config running-config

Destination filename [running-config]?

Cryptochecksum (unchanged): 4c954430 6de9c4b5 d0004dcd 21026ebe

2040 bytes copied in 0.180 secs
ASA#

At this point the previous configuration is loaded into running-config.

Change the enable password, since you now have access to configuration mode.

ASA# configure terminal
ASA(config)#
ASA(config)# enable password cisco12345

Reconfigure the configuration register to default.

ASA(config)# no config-register

Copy the current configuration, with the new password, to the startup-config and reload the device.

ASA(config)# write memory
Building configuration...
Cryptochecksum: 9ec91e09 accb595f 256e04d6 2e1e5168

2034 bytes copied in 3.410 secs (678 bytes/sec)
[OK]
ASA(config)# reload
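
An added check, not part of the original post: in both the Router and the ASA procedure the recovery value (0x2142, 0x41) has bit 6 set, and a device left that way skips its saved configuration on every boot. This Python example flags that from "show version" output; the register line format it matches, the sample lines and the hostname MY-ROUTER-2 are assumptions constructed for the example.

```python
import re

IGNORE_CONFIG = 0x0040  # bit 6: saved configuration is skipped at boot

# Assumed format of the register line in "show version" output.
LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def parse_confreg(show_version):
    """Return (current, pending); pending is None when no change is queued."""
    m = LINE.search(show_version)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending

def audit(hostname, show_version):
    """Return findings for a device that skipped, or will skip, its saved config."""
    current, pending = parse_confreg(show_version)
    at_next_boot = pending if pending is not None else current
    findings = []
    if at_next_boot & IGNORE_CONFIG:
        # Recovery was never finished: the next boot comes up with no passwords.
        findings.append(f"{hostname}: register {at_next_boot:#x} ignores the "
                        "saved configuration at next boot (no passwords)")
    elif current & IGNORE_CONFIG:
        # Register already reset; the new password must still be saved.
        findings.append(f"{hostname}: booted with {current:#x}; reverts to "
                        f"{at_next_boot:#x} at next reload, confirm config was saved")
    return findings

# Constructed sample outputs, trimmed to the relevant line.
SAMPLES = {
    "MY-ROUTER": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "MY-ASA": "Configuration register is 0x41",
    "MY-ROUTER-2": "Configuration register is 0x2102",
}

def audit_all(samples=SAMPLES):
    return [f for host, text in samples.items() for f in audit(host, text)]

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```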

 

Other software break key sequence here

 

That’s all for now, see you on the next post.

Stay good.
