Lab 1: Password Recovery, Part II

Lab Walkthrough

As discussed previously, password recovery is similar from one router platform to another. Therefore, you can apply the process outlined earlier in this chapter here, with a few modifications to fit the lab exercise. The procedure outlined in the list that follows is valid for the following routers:
For this walkthrough, you perform a password recovery operation to gain privileged level access to your access server. In this example, the access server is called skynet_access_1. First, attach a PC or laptop with terminal-emulation software to the console port of the router. Power off the router and turn it back on. Within the first 60 seconds of initialization, issue a break signal from your terminal emulator. Example 1-38 demonstrates a successful break or halt of the OS.

Example 1-38 A Successful Break

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 14336 Kbytes of main memory

    Abort at 0x10EA888 (PC)
    >

Getting the terminal-emulation software to send a break signal is a common problem with password recovery. Here are a few tips that might help if you have trouble sending a break signal:
When you see the abort message, you are ready to proceed. If you don't recall which types of routers support CONFREG, this is a good point to key in ? for help and look for the CONFREG utility. In Example 1-39, you can see what the output from the ? command looks like on the access server.

Example 1-39 Output from the ? Command on Router That Doesn't Support CONFREG

    > ?
    $                 Toggle cache state
    B [filename] [TFTP Server IP address TFTP Server Name]
                      Load and execute system image from ROM or from TFTP server
    C [address]       Continue execution [optional address]
    D /S M L V        Deposit value V of size S into location L with modifier M
    E /S M L          Examine location L with size S with modifier M
    G [address]       Begin execution
    H                 Help for commands
    I                 Initialize
    K                 Stack trace
    L [filename] [TFTP Server IP address TFTP Server Name]
                      Load system image from ROM or from TFTP server, but do not begin execution
    O                 Show configuration register option settings
    P                 Set the break point
    S                 Single step next instruction
    T function        Test device (? for help)

    Deposit and Examine sizes may be B (byte), L (long) or S (short).
    Modifiers may be R (register) or S (byte swap).
    Register names are: D0-D7, A0-A6, SS, US, SR, and PC
    >

Example 1-40 illustrates the same break, followed by the ? command; however, this time, it was performed on a router that supports CONFREG.

Example 1-40 A Successful Break, Followed by the Output from the ? Command on Router That Supports CONFREG

    System Bootstrap, Version 5.3(16) [richardd 16], RELEASE SOFTWARE (fc1)
    Copyright (c) 1996 by cisco Systems, Inc.
    C4500 processor with 16384 Kbytes of main memory

    monitor: command "boot" aborted due to user interrupt
    rommon 1 >
    rommon 1 > ?
    alias             set and display aliases command
    boot              boot up an external process
    break             set/show/clear the breakpoint
    confreg           configuration register utility
    cont              continue executing a downloaded image
    context           display the context of a loaded image
    cookie            display contents of cookie PROM in hex
    dev               list the device table
    dir               list files in file system
    dis               disassemble instruction stream
    dnld              serial download a program module
    frame             print out a selected stack frame
    help              monitor built in command help
    history           monitor command history
    meminfo           main memory information
    repeat            repeat a monitor command
    reset             system reset
    set               display the monitor variables
    stack             produce a stack trace
    sync              write monitor environment to NVRAM
    sysret            print out info from last system return
    unalias           unset an alias
    unset             unset a monitor variable
    rommon 2 >

Set bit 6 of the register to 1 to ignore NVRAM on startup. This is done by keying in O/R hex-value and then pressing Enter. Then initialize, or reload, the router by keying in init. Example 1-41 demonstrates this procedure.

Example 1-41 Setting Bit 6 to Ignore NVRAM, Followed by the initialization Command

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 14336 Kbytes of main memory

    Abort at 0x10205A6 (PC)
    >o/r 0x2142
    >init

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems

On a router that supports CONFREG, this process is just as straightforward. Example 1-42 demonstrates how this procedure is done on such a platform. In this example, a Cisco 4700 series router is used.

Example 1-42 Setting Bit 6 to Ignore NVRAM, Followed by the reset Command

    rommon 1 > confreg

    Configuration Summary
    enabled are:
    load rom after netboot fails
    console baud: 9600
    boot: image specified by the boot system commands
          or default to: cisco2-C4500

    do you wish to change the configuration? y/n [n]: y
    enable "diagnostic mode"? y/n [n]: n
    enable "use net in IP bcast address"? y/n [n]: n
    disable "load rom after netboot fails"? y/n [n]: n
    enable "use all zero broadcast"? y/n [n]: n
    enable "break/abort has effect"? y/n [n]: n
    enable "ignore system config info"? y/n [n]: y
    change console baud rate? y/n [n]: n
    change the boot characteristics? y/n [n]: n

    Configuration Summary
    enabled are:
    load rom after netboot fails
    ignore system config info
    console baud: 9600
    boot: image specified by the boot system commands
          or default to: cisco2-C4500

    do you wish to change the configuration? y/n [n]: n

    You must reset or power cycle for new config to take effect

    rommon 2 > reset

    System Bootstrap, Version 5.3(16) [richardd 16], RELEASE SOFTWARE (fc1)
    Copyright (c) 1996 by cisco Systems, Inc.

When the router reloads, it will no longer have a running-configuration. The router will still have a startup-configuration, which is stored in NVRAM. To view this configuration, first enter enable mode and then enter the show startup-configuration command. If you want to preserve the existing configuration, perform the following steps, paying strict attention to the order.
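The register value 0x2142 used in Examples 1-41 and 1-42 can be decoded bit by bit, and the same decoding lets you audit for routers left with bit 6 set after a recovery. The following Python is an added example, not part of the original text; the "Configuration register is ..." line format from show version, the 0x2102 value, and the host names router_b and router_c are assumptions, and the sample lines are constructed.

```python
import re

# Configuration register flag bits, named after the confreg prompts in
# Example 1-42. The boot field is the low nibble (bits 0-3).
FLAGS = {
    6: "ignore system config info (NVRAM)",
    8: "break/abort disabled",
    10: "use all zero broadcast",
    13: "load rom after netboot fails",
    14: "use net in IP bcast address",
    15: "diagnostic mode",
}
IGNORE_NVRAM = 1 << 6


def decode_confreg(value):
    """Return (boot_field, [names of the flag bits that are set])."""
    boot_field = value & 0x000F
    flags = [name for bit, name in sorted(FLAGS.items()) if value & (1 << bit)]
    return boot_field, flags


# Assumed line format: "Configuration register is 0x2142 (will be 0x2102 at next reload)"
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def audit_show_version(hostname, text):
    """Report whether a router will skip its NVRAM configuration on next boot."""
    m = CONFREG_LINE.search(text)
    if m is None:
        return f"{hostname}: no configuration register line found"
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    if pending & IGNORE_NVRAM:
        return f"{hostname}: FAIL 0x{pending:04X} ignores NVRAM at next boot"
    if current & IGNORE_NVRAM:
        return f"{hostname}: OK 0x{current:04X} now, 0x{pending:04X} after reload"
    return f"{hostname}: OK 0x{current:04X}"


# Constructed sample lines (not captured from a real device).
SAMPLES = {
    "skynet_access_1": "Configuration register is 0x2142",
    "router_b": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "router_c": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    print(decode_confreg(0x2142))
    for host, text in SAMPLES.items():
        print(audit_show_version(host, text))
```

A router that still reports bit 6 set with no pending change will boot without its startup configuration, and therefore without its configured passwords, every time it restarts.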