Recovering Passwords of Cisco Router

When you forget the password, changing the configuration register will help you to get back and access router. Bit 6 in the configuration register tell the router whether to the contents of NVRAM to load a router configuration. But in the above example, the default configuration register value is 0x2102 which indicates that bit 6 is off. To recover a password, the user has to turn on bit 6. this indicates the router to ignore the NVRAM contents. When the bit 6 is turned on the configuration register value is 0x2142.

Important steps for password recovery are

1. Booting up a router and disrupting the boot sequence by pressing Ctrl+break.
2. Changing the configuration register to turn on bit 6.
3. Restarting the router and entering into privileged mode.
4. Copying the startup-config file to running-config and changing the password.
5. Changing the configuration register to the default value.
6. Saving the router configuration and rebooting the router.

Interrupting the router boot sequence

The first step in password recovery is to boot a router and perform break. This can be done by pressing Ctrl +Break key while using Hyper Terminal or when router first reboots. The following output is displayed when break is performed

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0×500, SP = 0×680127b0
C2600 platform with 32768 Kbytes of main memory
PC = 0xfff0a530, Vector = 0×500, SP = 0×80004374
monitor: command “boot” aborted due to user interrupt
rommon 1 >

The rommon 1> prompt is used to recover password.

Changing the configuration register

Enter the command at the rommon 1> prompt to change the bit value on a Cisco 2600 series router:

rommon 1> confreg 0x2142,

To run new configuration, you have to reset the router.

After creating a break sequence on the router, type o to change the configuration register value on 2500 series router. This gives the configuration register option settings menu. To change the configuration register, type o/r command followed by new register value. Turning on bit 6 on Cisco 2502 router is as shown below

System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0×1098FEC (PC)
>o
Configuration register = 0×2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500 (or ‘boot system’ command)
>o/r 0×2142

The last entry in the router output is 03-00 tells the router which IOS boot file is used. By default the router will use the first file located in the flash memory. Change the configuration register or use the system IOS-name command to boot a different file name.

Reloading the Router and Entering Privileged Mode

After changing the configuration register value, you have to reload the router. In this step, you have to reset the router

• From the 2600 router, type reset.
• From the 2500 router, type I.

The router will be reloaded and ask whether you want to enter setup mode. Enter No or press Enter to get into user mode and then type enable to enter privileged mode.

Viewing and Changing the configuration

Now you can see that we have passed the step where required to enter user mode and privileged mode password. In this step you have to copy startup-config file into the running- file config with the help of copy startup- conflg running- config or copy start run command. This helps you to enter into privileged mode. You can now view and change the configuration, but you cannot view enable secret password.

Type the commands as shown below to change the password.

Conflg t
enable secret <secret password>

Resetting the configuration Register and Reloading the Router

After changing the password, set the configuration register back to default values using config-register command:

Config t
Config-register 0x2102

Save the new configuration using copy running-config startup-config and reload the router.