07-27-2009 12:11 PM
I deleted a sheet of passowrd for my cisco router. now no access. the router are remote. anyone can help or suggest something, I am not in good position now
07-27-2009 12:13 PM
Here is the password recovery procedure for the majority of the routers / switches:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml
07-27-2009 01:17 PM
thanks I do know that . need someting that can help w/ remote
Thanks
07-27-2009 03:10 PM
one of my senior tech , was able to get the config form the router . he said that since there is an ftp enable on one of the router , he was able to get the config from there , then use
http://www.ifm.net.nz/cookbooks/passwordcracker.html
to crack the password
do you know what exactely was done ..
07-27-2009 09:17 PM
A couple of possible things:
1. For how to copy the configuration:
-the router had tftp server enabled, and the config was copied from tftp
-ip rcmd was enabled on the router, and via rsh the show run was taken, providing that password was known
-http server was enabled and the login / password was different than the router password, if for example router is using AAA server for login and http is using a local login/password.
-Via SNMP, with the CISCO-CONFIG-COPY-MIB, snmpset commands were initiated to the router to upload the configuration to an ftp server.
-Old IOS was using the ftp server functionality:
http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/ftpserve.html
There may be other ways, not that I know of.
2. Once the configuration was retrieved, the MD5 hash was decoded. You should use the command service password-encryption to prevent this to happen.
Provided the platform and version I may be able to help further.
07-28-2009 05:19 AM
Lucien
how do you copy the config from tftp server on the router. I think that is the metod that he used...i will do some reading about ip rcmd and the http server.
via SNMP ?..how does this work and done.
who ever said " you learn from your mistakes" is right , I would not feel Bad...
Thanks Lucien
07-28-2009 07:58 AM
Lucien,
I did find this link. I tried to follow the steps but no luck/
can you help.
Thanks
07-28-2009 08:32 AM
For the tftp part, that is a little tricky, the way I know how to do it is: login another router and issue the command copy tftp: flash:, then indicate the router you lost the password as the tftp server. You need to know what is the filename defined on the router for the config, and that is not something you can actually guess easily if you have not configured it yourself.
For the snmp part, you need to know the RW community string. In the link posted, the example is using private, if snmp was configured on this router, it may have a different community string as it's defined by the user.
If you find an old configuration archived somewhere, that will help you a lot.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: