Cisco 6506Password 破解

winson

Contents　　Description
　　Step-by-Step Procedure
　　Example of a Password Recovery on the Catalyst 6000 MSFC Module
　　Related Information
　　Description
　　This document describes the password recovery procedure for the Cisco Catalyst 6000 Multilayer Switch Feature Card (MSFC).
　　Step-by-Step Procedure
　　Attach a terminal or PC with terminal emulation to the console port of the switch.
　　Use the following terminal settings: 9600 baud, no parity, 8 data bits, 1 stop bit
　　Type show module to determine the MSFC card on which to do password recovery.
　　The MSFC module is in slot 15 or 16.
　　Reset the MSFC module you want to do password recovery on.
　　Use the reset command to do this.
　　Wait 5 seconds and then connect to the MSFC console using the switch console command.
　　After seeing the message "Connected to Router", issue a break sequence.
　　The break key is a unique sequence that will break the MSFC into rommon. If this does not work, please refer to the break sequence page.
　　The MSFC will boot to a rommon> prompt.
　　Type confreg 0x42 at the rommon> prompt to configure the MSFC to boot without its configuration.
　　Display the current software in bootflash by issuing the dir bootflash: command and record the current software version.
　　Boot the system with the boot bootflash: command.
　　NOTE : Do NOT boot the system using the c6msfc-boot image. Doing so will result in loss of configuration after the password recovery process.
　　After the system boots, answer "No" to all the set-up questions or press Ctrl-C to skip the initial set-up procedure.
　　Type enable at the Router> prompt. This will put you in enable mode and you will see the Router# prompt.
　　Type config mem or copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.
　　This is a crucial step. DO NOT save the configuration (do not use write term or copy running-config startup-config)
　　Type write terminal or show running-config.
　　At this point, you should see the full configuration with the unknown enable password or enable secret. All other interfaces are shut down.
　　Type configure terminal to make the necessary changes.
　　The prompt is now hostname(config)#
　　Type enable secret . Replace with your password.
　　Use the no shutdown command on interfaces that are being used.
　　If you use the show ip interface brief command, every interface that you want to use should be up.
　　Type config-register 0x2102
　　Press Ctrl-Z to leave the configuration mode. The prompt is now hostname#
　　Type write memory or copy running-config startup-confi
　　g to commit the changes.
　　Example of a Password Recovery on the Catalyst 6000 MSFC Module
　　switch (enable) show module
　　Mod Slot Ports Module-Type　　　　　　　 Model　　　　　　　 Status
　　--- ---- ----- ------------------------- ------------------- --------
　　1　 1　　2　　 1000BaseX Supervisor　　　WS-X6K-SUP1A-2GE　　ok
　　15　1　　1　　 Multilayer Switch Feature WS-F6K-MSFC　　　　 ok
　　3　 3　　48　　10/100BaseTX Ethernet　　 WS-X6248-RJ-45　　　ok
　　4　 4　　8　　 1000BaseX Ethernet　　　　WS-X6408-GBIC　　　 ok
　　5　 5　　2　　 MM OC-12 ATM　　　　　　　WS-X6101-OC12-MMF　 ok
　　Mod Module-Name　　　　 Serial-Num
　　--- ------------------- -----------
　　1　　　　　　　　　　　 SAD03423133
　　15　　　　　　　　　　　SAD03414563
　　3　　　　　　　　　　　 SAD03242737
　　4　　　　　　　　　　　 SAD03220152
　　5　　　　　　　　　　　 SAD03433465
　　Mod MAC-Address(es)　　　　　　　　　　　　Hw　　 Fw　　　　 Sw
　　--- -------------------------------------- ------ ---------- -----------------
　　1　 00-30-96-2a-2a-9e to 00-30-96-2a-2a-9f 1.0　　5.2(1)　　 5.4(3)
　　00-30-96-2a-2a-9c to 00-30-96-2a-2a-9d
　　00-50-3e-9f-20-00 to 00-50-3e-9f-23-ff
　　15　00-30-96-2a-2a-a0 to 00-30-96-2a-2a-df 1.2　　12.1(1)E,　12.1(1)E,
　　3　 00-50-f0-af-24-d0 to 00-50-f0-af-24-ff 1.1　　4.2(0.24)V 5.4(3)
　　4　 00-d0-58-e9-d0-f0 to 00-d0-58-e9-d0-f7 2.1　　4.2(0.24)V 5.4(3)
　　5　 00-d0-bc-ef-03-68 to 00-d0
　　-bc-ef-03-87 1.0　　12.0(5)XS, 12.0(5)XS,
　　Mod Sub-Type　　　　　　　　Sub-Model　　　　　 Sub-Serial　Sub-Hw
　　--- ----------------------- ------------------- ----------- ------
　　1　 L3 Switching Engine　　 WS-F6K-PFC　　　　　SAD03424837 1.0
　　switch(enable) reset 15
　　Unsaved configuration on module 15 will be lost
　　Do you want to continue (y/n) [n]? y
　　2000 Jun 23 06:36:59 %SYS-5-MOD_RESET:Module 15 reset from Console//
　　Resetting module 15...
　　switch(enable) switch console
　　Trying Router-15...
　　Connected to Router-15.
　　Type ^C^C^C to switch back...
　　(A break-sequence has been sent here)
　　monitor: command "boot" aborted due to user interrupt
　　rommon 1 > confreg 0x42
　　You must reset or power cycle for new config to take effect
　　rommon 2 > dir bootflash:

　　File>　　1606784 bytes (0x188480)　 0xe58d8560　　c6msfc-boot-mz.120-7.XE1 <--- Don't use this image to boot !!!
　　8998276 bytes (0x894d84)　 0x1476de9　　c6msfc-jsv-mz.121-1.E.bin
　　rommon 3 > boot bootflash:c6msfc-jsv-mz.121-1.E.bin
　　Self decompressing the image : ########################################################################
　　####### [OK]
　　Restricted Rights Legend
　　Use, duplication, or disclosure by the Government is
　　subject to restrictions as set forth in subparagraph
　　(c) of the Commercial Computer Software - Restricted
　　Rights clause at FAR sec. 52.227-19 and subparagraph
　　(c) (1) (ii) of the Rights in Technical Data and Computer
　　Software clause at DFARS sec. 252.227-7013.
　　Cisco Systems, Inc.
　　170 West Tasman Drive
　　&nb
　　sp;　 San Jose, California 95134-1706
　　Cisco Internetwork Operating System Software

　　IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(1)E, EARLY DEPLOYMENT>　　Copyright (c) 1986-2000 by cisco Systems, Inc.
　　Compiled Fri 24-Mar-00 13:57 by kpma
　　Image text-base: 0x60008900, data-base: 0x6146A000
　　Cisco Cat6k-MSFC (R5000) processor with 57344K/8192K bytes of memory.

　　Processor board>　　R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
　　Last reset from power-on
　　Bridging software.
　　X.25 software, Version 3.0.0.
　　SuperLAT software (copyright 1990 by Meridian Technology Corp).
　　TN3270 Emulation software.
　　123K bytes of non-volatile configuration memory.
　　4096K bytes of packet SRAM memory.

　　16384K bytes of Flash internal SIMM (Sector>　　--- System Configuration Dialog ---
　　Would you like to enter the initial configuration dialog? [yes/no]:
　　(ctrl-C pressed)
　　Press RETURN to get started!
　　Module online.
　　Cisco Internetwork Operating System Software

　　IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(1)E, EARLY DEPLOYMENT>　　Copyright (c) 1986-2000 by cisco Systems, Inc.
　　Compiled Fri 24-Mar-00 13:57 by kpma
　　Router>enable
　　Router#
　　Router#copy startup-config running-config
　　Destination filename [running-config]?
　　1153 bytes copied in 0.236 secs
　　msfc-switch#configure terminal
　　Enter configuration commands, one per line.　End with CNTL/Z.
　　msfc-switch(config)#enable secret Cisco
　　msfc-switch(config)#config-register 0x2102
　　msfc-switch(config)#^Z
　　msfc-switch#show ip interface brief
　　Interface　　　　　　　　　IP-Address　　　OK? Method Status　　　　　　　　Protocol
　　EOBC0/6　　　　　　　　　　127.0.0.12　　　YES unset　up　　　　　　　　　　up
　　Vlan10　　　　　　　　　　 10.1.1.2　　　　YES TFTP　 administratively down down
　　Vlan20　　　　　　　　　　 10.1.2.2　　　　YES TFTP　 administratively down down
　　Vlan30　　　　　　　　　　 10.1.3.2
　　;　　　 YES TFTP　 administratively down down
　　Vlan40　　　　　　　　　　 10.1.4.2　　　　YES TFTP　 administratively down down
　　Vlan50　　　　　　　　　　 10.1.5.2　　　　YES TFTP　 administratively down down
　　msfc-switch#configure terminal
　　Enter configuration commands, one per line.　End with CNTL/Z.
　　msfc-switch(config)#interface vlan10
　　msfc-switch(config-if)#no shutdown
　　msfc-switch(config-if)#^Z
　　msfc-switch#
　　00:02:16: %SYS-5-CONFIG_I: Configured from console by console
　　msfc-switch#write memory
　　Building configuration...
　　[OK]
　　msfc-switch#