Tuesday, July 26, 2011

Router Security - Password Recovery for Cisco FWSM

We firstly boot the FWSM into the maintenance partition (cf:1) with this command:

Router#hw-module module 7 reset cf:1
Device BOOT variable for reset = <cf:1>
Warning: Device list is not verified.
Proceed with reload of module?[confirm]
% reset issued for module 7
Router#
*Jul  7 08:41:06.103: SP: The PC in slot 7 is shutting down. Please wait ...
*Jul  7 08:41:06.191: SP: PC shutdown completed for module 7
*Jul  7 08:41:06.199: %C6KPWR-SP-4-DISABLED: power to module in slot 7 set off (Reset)
*Jul  7 08:43:09.539: SP: OS_BOOT_STATUS(7) MP OS Boot Status: finished booting
*Jul  7 08:43:36.623: %DIAG-SP-6-RUN_MINIMUM: Module 7: Running Minimal Diagnostics...
*Jul  7 08:43:43.687: %DIAG-SP-6-DIAG_OK: Module 7: Passed Online Diagnostics
*Jul  7 08:43:59.667: %OIR-SP-6-INSCARD: Card inserted in slot 7, interfaces are now online

Then we connect to the FWSM with username root password cisco


Router#session slot 7 processor 1  
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.71 ... Open
Cisco Maintenance image
login: root
Password:
Maintenance image version: 2.1(2)

Then we clear the passwords on cf:4 partition which holds the system configuration.This command will only clear the passwords, not all the system configurations.

Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
        enable password jDUXMyqeIzxQIVgK encrypted
        passwd jDUXMyqeIzxQIVgK encrypted
Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.
root@localhost.localdomain#exit
logout
[Connection to 127.0.0.71 closed by foreign host]

Then reboot the FWSM:

Router#hw-module module 7 reset
Device BOOT variable for reset = <empty>
Warning: Device list is not verified.
Proceed with reload of module?[confirm]
% reset issued for module 7
Router#
*Jul  7 08:46:58.783: SP: PC shutdown completed for module 7
*Jul  7 08:46:58.799: %C6KPWR-SP-4-DISABLED: power to module in slot 7 set off (Reset)
*Jul  7 08:49:14.540: %DIAG-SP-6-RUN_MINIMUM: Module 7: Running Minimal Diagnostics...
*Jul  7 08:49:17.424: %DIAG-SP-6-DIAG_OK: Module 7: Passed Online Diagnostics
*Jul  7 08:49:29.535: %OIR-SP-6-INSCARD: Card inserted in slot 7, interfaces are now online

Login as default:

Router#session slot 7 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.71 ... Open

User Access Verification
Password:

TEST-FWSM> en
Password:
TEST-FWSM#

No comments:

Post a Comment