Tutorial No.5 Password recovery in Router

Password Recovery

Hello everyone. How you doing. 

This time i'm gonna discuss this very important tutorial with you. It's about how to recover routers password.

From time to time you will need to replace a password on a router that has been lost.This involves entering ROMMON mode of the router which is similar in function to the BIOS settings of a PC.Once in ROMMON mode, the router can be restarted but without using the saved configuration file. Once restarted without the configuration file, there is no password set as the router will have a blank configuration.Now the saved configuration file (startup-config) can be loaded onto the router and a new password set.The last task is to make sure that the router boots from the edited configuration file.

Entering ROMMON
ROMMON can only be entered when connected to the router using a console cable. You can use either a PC or a laptop for the connection. The console cable is connected to the RS232 port on the PC/ laptop and the console port on the router.

Now choose Terminal from the laptop Desktop and the configuration shown below will appear.


Note the settings for Bits per Second, Data Bits, Parity, Stop Bits and Flow Control.These are the default settings for Cisco routers and should not be changed for this exercise.

Press ok

  

Note that you cannot enter the router's Privileged Exec because you do not know the password.
Now you must force the router into ROMMON mode.

• Use the Physical tab on the router to turn the router's power off. 
• Turn the router on and QUICKLY while it is booting, return to the terminal connection via the laptop.
• Hold CTRL+BREAK keys and the router will enter ROMMON.
• If you are too slow, turn the router off and on again and repeat the CTRL+BREAK sequence.
• Once in ROMMON the router will display a different prompt, shown below.

Lost-Password!>System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :

########################

monitor: command "boot" aborted due to user interrupt

rommon 1 >

• Enter a question mark (?) at the prompt to display the commands available. Make a note of these commands.
• You need to change the configuration register value so that the router boots without using the saved configuration file.
• The value needed here is 0x2142.Then you need to reboot the router. This is accomplished using the reset command.

rommon 2 > confreg 0x2142

rommon 3 > reset

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :

########################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

--------------OUTPUT SUPPRESSED------------

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: 

Recovering the Password

• Type n to continue.
• Now enter Privileged Exec mode.
• Now you should copy the existing startup-config file to the router's RAM.This is done by copying it to running-config.

Router#copy startup-config running-config

Destination filename [running-config]? 

531 bytes copied in 0.416 secs (1276 bytes/sec)

%SYS-5-CONFIG_I: Configured from console by console

Lost-Password!#

• Now the configuration register needs to be changed back to 0x2102 to make sure that the router boots properly from the stored startup-config file.

Lost-Password!#configure terminal 

Enter configuration commands, one per line. End with CNTL/Z.

Lost-Password!(config)#config-register 0x2102

• Now create a new enable password. 

Lost-Password!(config)#enable secret class

• Now that you have created a password, change the router's name to the displayed name (Twydall) and save the configuration.

Lost-Password!(config)#hostname Satnam

Satnaml(config)#exit

%SYS-5-CONFIG_I: Configured from console by console

Satnam#write

Building configuration...

[OK]

Satnam#

• Now check the status of the router interfaces.

Satnam#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 1.1.1.1 YES manual administratively down down

FastEthernet0/1 2.2.2.1 YES manual administratively down down

Vlan1 unassigned YES unset administratively down down

Satnam#

• What is the status of all of the router interfaces?
• You will need to change this before the router can perform properly once more.Enter each interface configuration mode and correct this.Save the configuration on the router.

Satnam#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Satnam(config)#int fa0/0

Satnam(config-if)#no shutdown 

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

Satnam(config-if)#int fa0/1

Satnam(config-if)#no shutdown 

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Satnam(config-if)#end

%SYS-5-CONFIG_I: Configured from console by console

Satnam#wr

Building configuration...

[OK]

Satnam#

• You have now recovered the router's password.
• Check all is working properly by power-cycling (reload) the router.
• It should boot normally and display the Satnam hostname.
• Check that your new password will give you access to Privileged Exec.