Password Recovery (IOS)

As a Cisco Partner I have had several occasions to password recover some devices. Today brought an usual request of wanting to harvest the configuration not the password. A customer had a Cisco router provided by a 3rd party that they wanted to replace and return but unfortunately the vendor would/did not give them the information they needed to bypass the router and have the services handled directly by their equipment.

For some reason I always get a chuckle when doing these. The task is simple enough to complete. When you password recover the device it also provides you the current configuration, including passwords, except you are in enable mode and you can make any changes you deem necessary. To password recovery an IOS device do the following:

  1. Connect a console cable to the device and power the device on.
  2. Press CTRL-BRK to enter rommon.
  3. Type “confreg 0×2142″ and press enter.
  4. Type “reset” and press enter.
  5. Upon booting the device will ask you to enter a configuration setup wizard. Answer NO to this question. The device is now booted with no configuration.
  6. Type “enable” and press enter.
  7. Type “configure memory”

At this point you should see the hostname change and if you issue a “show running-config” you will see the complete configuration, including passwords. In the case of today the vendor did not run password encryption so all their passwords were in plain text. Ruh Roh!

This entry was posted on Friday, December 26th, 2008 at 7:00 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply