The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
The Catalyst 2955 series switches do not use an external mode button for password recovery. Instead, the switch boot loader uses break-key detection to stop the automatic boot sequence for password recovery purposes. The break sequence is determined by the terminal application and operating system used. Hyperterm that runs on Windows 2000 uses Ctrl + Break. On a workstation that runs UNIX, Ctrl-C is the break key. For more information, refer to Standard Break Key Sequence Combinations During Password Recovery.
It turns out I don't need 1Gb/s to things like VoIP phones and my Blu Ray player, so I could get away with older models with 100Mb/s ports and a single 1Gb/s uplink, like the WS-C2940-8TT-S which are available for 25 and fan-less, with something beefier as the "core".
Whilst I was getting it configured I figured I should probably have a go at performing the password reset. For some reason I had it stuck in my head this entailed sending a break signal whilst it was booting to get into ROMMON, and then changing the configuration-register to ignore the config stored in the NVRAM when it booted. After desperately sending break signals, swapping console cables and generally swearing at the thing I got around to RTFM and realised I was doing it wrong... it seems the whole break into ROMMON thing is the procedure for another router I own, but not the Cisco 2940. Doh!
J.Fisher CCNA
Je...@LasVegas.com

RE: How do you reset a cisco 3600 back to factory default?
tiash (TechnicalUser)(OP) 9 Apr 01 09:06
No. This is if the password recovery mode is enabled.
On this router it is disabled. So you can not recover a password; you have to reset the router back to factory default.
I've done it before and I would like to know the proper way. There aren't any docs that I could find on it, but if you press the CTRL-break at the initial boot randomly I get lucky and the prompt comes up that will ask if you want to set back to factory default.
I don't like to depend on luck; I like to know the proper way to get the fastest and most dependable results.
Thanks,

RE: How do you reset a cisco 3600 back to factory default?
talisker (MIS) 9 Apr 01 15:07
If you have read the link supplied by jeter, you will notice the line that says:
"Break (system interrupt) is always enabled for 60 seconds after the router reboots, regardless of whether Break is configured on or off in the configuration register"
My guess is you're either not waiting long enough (at least 5 seconds) or waiting too long before "breaking" the router.
So, reboot the router & press Ctrl-Break to enter ROMMON mode. From here you can either recover the password, or if it's encrypted, change the configuration register so you can enter the initial setup dialog when you reboot. Here's one method (taken from the same doc.):
_mod/cis3600/3600ig/3600rom.htm#xtocid1499
I've tried this on a 3600 in my lab & it works great.
You might also be interested to know that there is a little-known bug in the 3600 platform that causes the router to boot to ROMMON mode if the router is power cycled several times in rapid succession. A colleague told me about this & I obsessively rebooted one of my test 3600's over a period of three days before I could get it to self-boot to ROMMON mode - so luck is definitely a factor here.
Good luck!

RE: How do you reset a cisco 3600 back to factory default?
jeter (TechnicalUser) 9 Apr 01 23:22
Here is another site if you wish to check it out.
_v1/tr1903.htm#xtocid1781619
J.Fisher CCNA
Je...@LasVegas.com

RE: How do you reset a cisco 3600 back to factory default?
UNIX72 (IS/IT--Management) 10 Apr 01 15:51
If you could use a different terminal software rather than Windows HyperTerminal. Had many problems with HyperTerminal; once I switched, no problems.

RE: How do you reset a cisco 3600 back to factory default?
tiash (TechnicalUser)(OP) 10 Apr 01 21:13
The problem is not getting the break to work; it works, but there is a command that will disallow you to get into the ROMMON mode. This is when the password recovery is disabled. This is to prevent you from doing exactly what you guys are doing.
I've spoken to Cisco and they say the only way to do this IS to set back to factory default.
IF I reboot and randomly tap the break I will get the option to set back to factory default.
There has to be a proper procedure to this. This is not a common issue. As far as I know.

RE: How do you reset a cisco 3600 back to factory default?
talisker (MIS) 11 Apr 01 12:03
Yours is indeed a sticky problem. I've had this happen to me only once - years ago - when I started a new job & inherited a bunch of routers from my predecessor. One of these was booby-trapped in the same way yours is - a lost password for the ROMMON enable mode.
There are two ways that I know of to get around this:
1) Pull the boot ROM (PROM) & replace it with the boot ROM from another (same model) router. Boot up & you can change the config. register & recover/change the IOS enable password.
-OR-
2) If you know the Read/Write community string, use a tool like "Config Uploader" by Solarwinds to upload a new config. to the router.
Of course this won't help you to re-enable ROMMON.
What I actually did was to get Cisco to send me a new set of boot PROMs for the router - but I don't know if they'll still do that.
So I want to try and crack the enable password, but I don't know what format it is or what tool I can use to brute force it. (Note the hash there is not the real hash, just a random hash I found online like the original)
Both the VPN settings mentioned above and the enable/passwd are not salted, contrary to what the hashcat.net thread suggests in Peleus's post. It is worthwhile checking this site: Nitrix Hash Generator. In there you can enter 'cisco' as the password and you'll receive the common
Using Cain and Abel you should be able to crack your current password of 2KFQnbNIdI.2KYOU fairly fast with a dictionary or bruteforce. Not sure of the issue you are having with Cain but it should work (try bruteforce as well).
From what I can tell in the docs this is a "type 6" password and this seems to be related to encrypting a pre-shared key. "type 6" seems to be an improvement over "type 7" in that there is a per-device salt, though it is reversible.
I did some googling of the exact password line since you said it's the default password; this article suggests running more system:running-config which will show you the preshared key (Reversing the preshared key). This was also noted in the CISCO documentation.
Type-6 passwords are encrypted using AES cipher and user-defined master key. These passwords are much better protected and the additional difficulty in their decryption is given by the fact that also the master key is defined by the user and is never displayed in the configuration. Without knowledge of this master key, Type-6 keys are unusable. The disadvantage is that when backing up a configuration or migrating it to another device, the master key is not dumped and has to be configured again manually.
8Ry2YjIyt7RRXU24 encrypted key is default but for CLI it means there is nothing set / no password. I guess that you are trying to access the ASA via CLI. Just use the enable command & press enter and you should be able to log in.
Getting old and not something I typically have to do much these days but short reminder to myself of how to send a break command to a serial port or console using minicom. Usually this is me knobbing around when I forget some Cisco device login and need to do the lovely password recovery process like THIS
EDIT- The solution is to use a different IOS version on a newly formatted flash card. This forces the config out of the router due to an IOS mismatch. You will be free to do any configuration from here on out because the router will be wiped.
I am attempting to recover my 2911 router. I wiped its config and it came back up asking for an enable password. It should have the cisco/cisco passwords and it should give you the option to change them. It is as though this was skipped. I thought this would be no big deal but it seems to have effectively bricked my router. Removing the flash results in a boot loop like seen below:
If I allow the router to boot it will try and tftp to the 255.255.255.255 address, a clear sign that it has no configuration. My question is if there is a way to reset the router, or if there is a configuration file that I can drop onto the flash that will allow me to boot to an actual configuration.